Kubernetes Certificate Renewal

For Kubernetes Clusters deployed by Kubespray

There are two cases:

1. Certificates are not expired
2. Certificates are already expired

Here is how the Kubernetes certificates can be renewed.

When Certificates Are Still Valid:

Assuming that existing certificates are not expired, the steps to renew are straight-forward.

First, we connect a k8s master node and check the certificates.

kubeadm certs check-expiration output

Then, we renew all certificates.

kubeadm certs renew all output

Now, all the certificates are renewed. We can check again and verify the renewals.

All the certificates are renewed

Then, we reboot the master node.

We repeat these steps for each remaining master node. In short, we run these commands on each master node.

sudo kubeadm certs check-expiration   # check
sudo kubeadm certs renew all
sudo kubeadm certs…