beta.blog

microk8s: Renew Certificates

by on Dec.01, 2024, under News

Let’s take a look at the following example:

microk8s refresh-certs -c
The CA certificate will expire in 3044 days.
The server certificate will expire in 229 days.
The front proxy client certificate will expire in -136 days.

The output of the microk8s refresh-certs -c command provides information about the expiration dates of various certificates used by the MicroK8s deployment. Here’s a breakdown of what each line means:

  1. The CA certificate will expire in 3044 days.
    • This line indicates that the Certificate Authority (CA) certificate, which is used to sign other certificates, will expire in 3044 days. This is a relatively long period, suggesting the CA certificate is still valid for many years.
  2. The server certificate will expire in 229 days.
    • This line shows that the server certificate, which is used to authenticate the server in the Kubernetes cluster, will expire in 229 days. This means we have about 7-8 months before this certificate needs to be renewed.
  3. The front proxy client certificate will expire in -136 days.
    • This line indicates that the front proxy client certificate, which is used by the front proxy client to authenticate requests, expired 136 days ago. The negative number means that this certificate has already expired and needs immediate attention.

The front proxy client certificate expired 136 days ago. We should renew or replace this certificate as soon as possible to ensure proper functioning of the MicroK8s deployment.

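We may now either refresh the certificates manually. Note that regenerating ca.crt replaces the cluster's root CA, and in a multi-node cluster the other nodes then have to leave and rejoin; with 3044 days left in this example, that step is not urgent: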

microk8s refresh-certs --cert front-proxy-client.crt
microk8s refresh-certs --cert server.crt
microk8s refresh-certs --cert ca.crt

Or even better, set up automatic renewal:

microk8s enable cert-rotation
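
To notice an expired certificate without reading the report by hand, the output of the check command shown above can be classified in a scheduled job. The following is an added example, not part of the original post; the function name, the 30-day default threshold and the exit codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify each line of
# `microk8s refresh-certs -c` output read on stdin.
# $1 = warning threshold in days (assumed default: 30).
# Prints "STATUS DAYS NAME" per certificate.
# Exit status: 0 all OK, 1 something expired or close to expiry,
#              2 no certificate lines recognised (treat as a failed check).
check_cert_report() {
    awk -v warn="${1:-30}" '
        /^The .+ certificate will expire in -?[0-9]+ days\.$/ {
            days = $(NF - 1) + 0          # second-to-last field, may be negative
            name = $0
            sub(/^The /, "", name)
            sub(/ certificate will expire in .*$/, "", name)
            if (days < 0)           status = "EXPIRED"
            else if (days <= warn)  status = "RENEW_SOON"
            else                    status = "OK"
            if (status != "OK") bad = 1
            printf "%s %d %s\n", status, days, name
            n++
        }
        END { if (n == 0) exit 2; exit bad + 0 }
    '
}

# Constructed sample: the report quoted in this post.
SAMPLE_REPORT='The CA certificate will expire in 3044 days.
The server certificate will expire in 229 days.
The front proxy client certificate will expire in -136 days.'

printf '%s\n' "$SAMPLE_REPORT" | check_cert_report 30 ||
    echo "certificate check needs attention (exit $?)"
# On a node: microk8s refresh-certs -c | check_cert_report 30
```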
