This message was deleted.
# rke2a
adamant-kite-43734
07/30/2023, 11:42 PMThis message was deleted.
✅ 1
c
creamy-pencil-82913
07/31/2023, 7:56 PMAre you sure you’re using the latest cert and key from rke2.yaml? The admin cert should be refreshed when they are about to expire, along with the rest of the client and server certs
creamy-pencil-82913
07/31/2023, 7:56 PMIf you made a copy of it at some point, you might need to update it.
h
hallowed-breakfast-56871
07/31/2023, 7:57 PMI'll double check what my jnr admin pulled.
So this means the yaml is updated on a certificate rollover, be that automated, or manual?
c
creamy-pencil-82913
07/31/2023, 7:57 PMthe admin kubeconfig is regenerated every time RKE2 starts. The client and server certs are also checked during startup, and renewed if they are within 90 days of expiring.
👍 1
creamy-pencil-82913
07/31/2023, 7:58 PMIf you copy the admin kubeconfig somewhere else, then the base64-encoded certificate embedded in it would have expired, and you’ll need to obtain a new copy from the server.
👍 1
h
hallowed-breakfast-56871
07/31/2023, 8:01 PMThank you @creamy-pencil-82913 - I've pulled the file myself, and confirmed that works. Really appreciate that.
Great to clarify the roll over process too!
4 Views