How to renew a certificate in Kubernetes 1.12
Hi I am currently working on renewing my certificate on Kubernetes version 1.12.
The certificate expires after a month. Before the certificate expires We need to renew the certificate and apply it to all systems to make the service work.
Does anyone have any manuals or anything like this? The opinions of experts are also good.
Even if I search with Google, there is only certificate renewal for the latest version, and there is no information on applying the service after certificate renewal related to older versions such as 1.12.
Please help.
Here's how I installed it.
sudo apt-get update && sudo apt-get install -qy docker.io
sudo apt-get update && sudo apt-get install -y apt-transport-https && curl -s
https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list &&
sudo apt-get update
apt-get install kubelet=1.12.3-00 kubeadm=1.12.3-00 kubernetes-cni=0.6.0-00 keepalived haproxy
Here is some additional information. This is version information.
kubeadm version: &version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.3", GitCommit:"435f92c719f279a3a67808c80521ea17d5715c66", GitTreeState:"clean", BuildDate:"2018-11-26T12:54:02Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
Here is some additional information. This is a command error.
kubeadm certs check-expiration
Error: unknown command "certs" for "kubeadm" Run 'kubeadm --help' for usage. error: unknown command "certs" for "kubeadm"
Solution 1:
Try running
kubeadm alpha certs check-expiration
Commands that are standardised in later versions might have been released as experimental sub commands in older versions of k8s; hence the "alpha" prefix.
If the above works you can then renew all certs using:
kubeadm alpha certs renew all
In newer versions of k8s, there is a mechanism to set up jobs that run periodically in order to automatically renew certificates. You would have to make do with doing this manually or scriptifying it with your current k8s version