Add k3s certificate draft.

2024-02-28 01:59:21 +00:00 · 2024-02-28 01:59:21 +00:00 · 89fc456ec2
parent c2253f11a5
commit 89fc456ec2
1 changed files with 41 additions and 0 deletions
--- a/_drafts/rotating_k3s_certs.md
+++ b/_drafts/rotating_k3s_certs.md
@ -0,0 +1,41 @@
+---
+title: "Draft"
+author: "James Pace"
+date: "2024/01/01"
+---
+
+Problem: k3s client certs, including the admin cert expire after 1 year.
+
+To see cert:
+```
+cat ~/.kube/config | grep client-certificate-data | cut -f2 -d : | tr -d ' ' | base64 -d | openssl x509 -text -out -
+```
+
+```
+ssh jimmy@192.168.1.103
+sudo systemctl stop k3s
+sudo k3s certificate rotate
+sudo systemctl start k3s
+
+
+```
+
+```
+sudo cp /etc/rancher/k3s/k3s.yaml ~/j7s-cluster.yaml
+sudo chown jimmy:jimmy ~/j7s-cluster.yaml
+exit
+
+```
+
+```
+rm  ~/.kube/j7s-cluster.yaml
+scp jimmy@192.168.1.103:~/j7s-cluster.yaml /home/jimmy/.kube/.
+# Use text editor to fix IP in file.
+
+```
+
+```
+export KUBECONFIG=~/.kube/j7s-cluster.yaml
+kubectl get nodes
+```
+