It appears the Kubernetes certificates have expired.

sudo kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 11, 2024 18:17 UTC   1d                                      no
apiserver                  Dec 04, 2023 17:03 UTC   <invalid>       ca                      no
apiserver-etcd-client      Dec 04, 2023 17:03 UTC   <invalid>       etcd-ca                 no
apiserver-kubelet-client   Dec 04, 2023 17:03 UTC   <invalid>       ca                      no
controller-manager.conf    Dec 04, 2023 17:03 UTC   <invalid>                               no
etcd-healthcheck-client    Dec 04, 2023 17:03 UTC   <invalid>       etcd-ca                 no
etcd-peer                  Dec 04, 2023 17:03 UTC   <invalid>       etcd-ca                 no
etcd-server                Dec 04, 2023 17:03 UTC   <invalid>       etcd-ca                 no
front-proxy-client         Dec 04, 2023 17:03 UTC   <invalid>       front-proxy-ca          no
scheduler.conf             Dec 04, 2023 17:03 UTC   <invalid>                               no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jun 24, 2032 19:58 UTC   8y              no
etcd-ca                 Jun 24, 2032 19:58 UTC   8y              no
front-proxy-ca          Jun 24, 2032 19:58 UTC   8y              no
sudo kubeadm certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
sudo kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 09, 2025 18:49 UTC   364d                                    no
apiserver                  Mar 09, 2025 18:49 UTC   364d            ca                      no
apiserver-etcd-client      Mar 09, 2025 18:49 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Mar 09, 2025 18:49 UTC   364d            ca                      no
controller-manager.conf    Mar 09, 2025 18:49 UTC   364d                                    no
etcd-healthcheck-client    Mar 09, 2025 18:49 UTC   364d            etcd-ca                 no
etcd-peer                  Mar 09, 2025 18:49 UTC   364d            etcd-ca                 no
etcd-server                Mar 09, 2025 18:49 UTC   364d            etcd-ca                 no
front-proxy-client         Mar 09, 2025 18:49 UTC   364d            front-proxy-ca          no
scheduler.conf             Mar 09, 2025 18:49 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jun 24, 2032 19:58 UTC   8y              no
etcd-ca                 Jun 24, 2032 19:58 UTC   8y              no
front-proxy-ca          Jun 24, 2032 19:58 UTC   8y              no
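
Added example, not part of the original post: a shell function that reads the check-expiration table shown above and lists every entry that is already <invalid> or has fewer than the given number of days left, so an expiry like this one can be caught from a scheduled job before the control plane stops working. The function names, the trimmed sample and the handling of hour/minute/second residuals are assumptions; only the <invalid>, Nd and Ny forms appear in the output above.

```shell
#!/bin/sh
# expiring_certs DAYS
#   Reads `kubeadm certs check-expiration` output on stdin and prints
#   "name<TAB>residual" for every certificate or CA that is expired or has
#   fewer than DAYS days left. Function name is hypothetical.
expiring_certs() {
    awk -F'  +' -v limit="$1" '
        /^\[/ || /^CERTIFICATE/ || NF < 3 { next }  # log lines, headers, blanks
        {
            res = $3                                 # RESIDUAL TIME column
            if (res == "<invalid>")           days = -1          # already expired
            else if (res ~ /^[0-9]+y$/)       days = (res + 0) * 365
            else if (res ~ /^[0-9]+d$/)       days = res + 0
            else if (res ~ /^[0-9]+[hms]$/)   days = 0   # assumption: under a day
            else next                                # unknown format, skip row
            if (days < limit) printf "%s\t%s\n", $1, res
        }'
}

# Sample input: a few rows trimmed from the pre-renewal output on this page.
sample_output() {
    cat <<'EOF'
[check-expiration] Reading configuration from the cluster...

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 11, 2024 18:17 UTC   1d                                      no
apiserver                  Dec 04, 2023 17:03 UTC   <invalid>       ca                      no
etcd-server                Dec 04, 2023 17:03 UTC   <invalid>       etcd-ca                 no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jun 24, 2032 19:58 UTC   8y              no
EOF
}

# Stand-alone run against the sample. On a control-plane node, use instead:
#   sudo kubeadm certs check-expiration | expiring_certs 30
sample_output | expiring_certs 30
```

An empty result means nothing is due within the threshold; any output is the list to renew with the renew command shown above, followed by the component restart that its output asks for.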