k8s-config/docs/rotating_k3s_certs.md

Rotating k8s certs

Problem: k3s client certs, including the admin cert expire after 1 year.

To see cert:

cat ~/.kube/config | grep client-certificate-data | cut -f2 -d : | tr -d ' ' | base64 -d | openssl x509 -text -out -

ssh jimmy@192.168.1.103
sudo systemctl stop k3s
sudo k3s certificate rotate
sudo systemctl start k3s

sudo cp /etc/rancher/k3s/k3s.yaml ~/j7s-cluster.yaml
sudo chown jimmy:jimmy ~/j7s-cluster.yaml
exit

rm  ~/.kube/j7s-cluster.yaml
scp jimmy@192.168.1.103:~/j7s-cluster.yaml /home/jimmy/.kube/.
# Use text editor to fix IP in file.

export KUBECONFIG=~/.kube/j7s-cluster.yaml
kubectl get nodes