Certificates on Exoscale Academy

Certificates on Exoscale Academyhttps://layer5io.github.io/exoscale-academy/pr-preview/pr-378/learning-paths/1e2a8e46-937c-47ea-ab43-5716e3bcab2e/workshop-cka-preparation/10.operations/exercises/cert/Recent content in Certificates on Exoscale AcademyHugoenSolutionhttps://layer5io.github.io/exoscale-academy/pr-preview/pr-378/learning-paths/1e2a8e46-937c-47ea-ab43-5716e3bcab2e/workshop-cka-preparation/10.operations/exercises/cert/solution/Mon, 01 Jan 0001 00:00:00 +0000https://layer5io.github.io/exoscale-academy/pr-preview/pr-378/learning-paths/1e2a8e46-937c-47ea-ab43-5716e3bcab2e/workshop-cka-preparation/10.operations/exercises/cert/solution/<ol> <li>Check the current certificate expiration dates</li> </ol> <p>Run the following command from the control plane node.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>sudo kubeadm certs check-expiration </span></span></code></pre></div><p>This command shows all certificates managed by kubeadm and their expiration dates:</p> <ul> <li>admin.conf (client certificate for kubectl)</li> <li>apiserver (API server serving certificate)</li> <li>apiserver-etcd-client (API server to etcd client certificate)</li> <li>apiserver-kubelet-client (API server to kubelet client certificate)</li> <li>controller-manager.conf (controller manager client certificate)</li> <li>etcd-healthcheck-client (etcd health check client certificate)</li> <li>etcd-peer (etcd peer certificate for cluster communication)</li> <li>etcd-server (etcd server certificate)</li> <li>front-proxy-client (front proxy client certificate)</li> <li>scheduler.conf (scheduler client certificate)</li> <li>super-admin.conf (client certificate bypassing authorization layer)</li> </ul> <div class="hextra-callout alert alert-warning d-flex align-items-start" role="alert"> <div class="flex-shrink-0 me-2"><svg height="1.2em" class="d-inline-block align-middle" xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="2" stroke="currentColor" aria-hidden="true"><path stroke-linecap="round" stroke-linejoin="round" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z"/></svg></div> <div class="flex-grow-1 hextra-callout-content"><ul> <li>By default, kubeadm certificates are valid for 1 year. You should renew them before they expire to avoid cluster outages.</li> <li>Certificate are automatically renewed during each upgrade of the control plane.</li> </ul> </div> </div> <ol start="2"> <li>Renew the certificates using kubeadm</li> </ol> <p>You can renew all certificates at once.</p>