jbeda
commented
2 years ago I unfortunately don't have access to the heptio youtube account anymore. My permissions got lost during all of the account transitions. I'll try and chased this down.
Open ak2766 opened 3 years ago
jbeda
commented
2 years ago I unfortunately don't have access to the heptio youtube account anymore. My permissions got lost during all of the account transitions. I'll try and chased this down.
ak2766
commented
2 years ago Thanks for getting back. I was able to finally add it by split it into 2 shorter messages that did not hit some limit I wasn't aware of.
That video is really awesome and I always share the link when someone asks about certificate expiry.
I tried adding a TOC / Video Timeline to the YouTube video but unable to.
Maybe @mauilion could post the stuff below for others to benefit
TOC for TGIK 077
``` 00:53 - Welcome 03:37 - Hackmd 12:30 - Rough Outline 12:44 - Problem Setup 14:45 - Setup k8s cluster with short lived certificates 28:17 - Replace kubeadm with unpatched version 31:21 - Exposing certificate expiry time 32:21 - Inspecting certificates 44:55 - Certificates expire 49:35 - Importance of kubeadm.conf 52:00 - Minting new admin.conf 55:00 - Check validity of certificate in admin.conf 55:37 - Can kubectl now talk to cluster 57:00 - Let the fix begin 58:16 - Bring it all down 1:00:39 - Clear certificates on first control plane node 1:03:48 - Generating new certs - don't forget to reference kubeadm.conf 1:05:24 - Fix first control plane node 1:06:24 - ETCD not a happy camper - no quorum 1:07:05 - Fix second control plane node 1:11:12 - Fix third control plane node 1:12:35 - ETCDClient - to check on etcd cluster health 1:17:12 - Troubleshoot controller managers 1:24:33 - Kubelet authentication - how workers renew their certificates 1:37:56 - Topic Check 1:38:33 - Certs vs Tokens 1:44:43 - How to extract kubeadm.conf from cluster - kubeadm config view 1:46:56 - Rotate certificate before they expire - from v1.15+ 1:48:18 - Skull Canyon Intel NUC ```