Microk8s でSSL証明書の期限が切れた時の更新方法
投稿者: ytyng 8ヶ月 前
Micro k8s ( Kubernetes )を操作しようとして
Unable to connect to the server: tls: failed to verify certificate: x509: certificate has expired or is not yet valid: current time 2023-08-21T09:52:50+09:00 is after 2023-08-19T07:31:15Zが出た時の対応方法です。
まず、Kubernetes ノードで sudo microk8s.refresh-certs -c をする
$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 3273 days.
The server certificate will expire in -2 days.
The front proxy client certificate will expire in -2 days.期限切れの証明書がわかるので、それぞれの証明書を sudo microk8s.refresh-certs で更新する。
$ sudo microk8s.refresh-certs --cert=front-proxy-client.crt
Taking a backup of the current certificates under /var/snap/microk8s/5625/certs-backup/
Creating new certificates
Signature ok
subject=CN = front-proxy-client
Getting CA Private Key
Restarting service kubelite.$ sudo microk8s.refresh-certs --cert=server.crt
Taking a backup of the current certificates under /var/snap/microk8s/5625/certs-backup/
Creating new certificates
Signature ok
subject=C = GB, ST = Canonical, L = Canonical, O = Canonical, OU = Canonical, CN = 127.0.0.1
Getting CA Private Key
Restarting service kubelite.
Restarting service cluster-agent.結果の確認
$ sudo microk8s.refresh-certs -c
The CA certificate will expire in 3273 days.
The server certificate will expire in 364 days.
The front proxy client certificate will expire in 364 days.期限が364days なので、1年に1回実行する必要がありそうだ。
コメント