Microk8s でSSL証明書の期限が切れた時の更新方法

2023-08-21 10:08 (9ヶ月前) ytyng

Micro k8s ( Kubernetes )を操作しようとして

Unable to connect to the server: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-08-21T09:52:50+09:00 is after 2023-08-19T07:31:15Z

が出た時の対応方法です。

まず、Kubernetes ノードで sudo microk8s.refresh-certs -c をする

$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 3273 days.
The server certificate will expire in -2 days.
The front proxy client certificate will expire in -2 days.

期限切れの証明書がわかるので、それぞれの証明書を sudo microk8s.refresh-certs で更新する。

$ sudo microk8s.refresh-certs --cert=front-proxy-client.crt
Taking a backup of the current certificates under /var/snap/microk8s/5625/certs-backup/
Creating new certificates
Signature ok
subject=CN = front-proxy-client
Getting CA Private Key
Restarting service kubelite.
$ sudo microk8s.refresh-certs --cert=server.crt
Taking a backup of the current certificates under /var/snap/microk8s/5625/certs-backup/
Creating new certificates
Signature ok
subject=C = GB, ST = Canonical, L = Canonical, O = Canonical, OU = Canonical, CN = 127.0.0.1
Getting CA Private Key
Restarting service kubelite.
Restarting service cluster-agent.

結果の確認

$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 3273 days.
The server certificate will expire in 364 days.
The front proxy client certificate will expire in 364 days.

期限が364days なので、1年に1回実行する必要がありそうだ。

Currently unrated

Comments

Archive

2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011