Reputation: 59
How to check expiry of kubernetes tokens and cert keys?
When I create a kubernetes cluster I'm getting message as
As a safeguard, uploaded-certs will be deleted in two hours; If necessary, you can use
kubeadm init phase upload-certs --upload-certs to reload certs afterward.
Even if I run the above command when will the new certs expire? Is there any way to set expiration time manually?
Upvotes: 2
Views: 5593
Answers (1)
Reputation: 44569
Expiry of certificates generated by kubeadm is 365 days. For safety reasons the certificates which are uploaded as secrets into the kubernetes cluster are deleted after 2 hours but that does not mean that the certificates are expired after 2 hours. Certificates will still be valid for 365 days and reside in the file system of the control plane nodes and when you run kubeadm init phase upload-certs --upload-certs it will be uploaded again as secret into the Kubernetes cluster.
From the docs here you can use below command to check expiration of certificates
kubeadm certs check-expiration
Upvotes: 4
Related Questions
- Kubernetes: expired certificate
- Renew kubernetes pki after expired
- Expiring Kubelet Certificate on port 10250
- Kubernetes TLS secret certificate expiration
- Kubernets (k3s): expired certs on cluster
- How to get the expiration time of the ssl certification of a kubernetes cluster with kubernetes-python-client?
- Set Expiry of Kubernetes service tokens
- will .kube/config token expired
- cert manager - Duration and renewal process of my certificates
- Refresing expired certificates on k8s