When will my cluster certificates expire?

Follow
Table of Contents

Question

I have a cluster which is displaying the message "This cluster has certs that are expiring or have expired". Is there any way to determine when the certs will expire?

Pre-requisites

Kubernetes clusters provisioned via the RKE, or Rancher launched Kubernetes clusters

Answer

Dates on when particular certificates will expire are located in the Rancher API.

To view them, from the "Clusters" page, click the three-dot menu on your cluster and "View in API" Scroll down or search for the section called "certificatesExpiration" There you can see the expiration date for each kubernetes component

FYI, as of Rancher 2.3.5, there is a known issue that old, removed nodes still appear in this list. This is cosmetic and won't affect your running cluster: https://github.com/rancher/rancher/issues/24333

Further Reading

  • https://support.rancher.com/hc/en-us/articles/360038509831-Rancher-Operational-Advisory-Take-Action-Manual-Rotation-of-Certificates-in-Rancher-Kubernetes-Clusters
  • https://rancher.com/blog/2019/kubernetes-certificate-expiry-and-rotation-in-rancher-kubernetes-clusters
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.