This message was deleted.
# k3sa
adamant-kite-43734
06/27/2024, 8:28 AMThis message was deleted.
h
hundreds-evening-84071
06/27/2024, 12:39 PMwhen you are doing OS maintenance k3s gets restarted - that should be enough ?
> Any certificates that are expired, or within 90 days of expiring, are automatically renewed every time K3s starts.
https://docs.k3s.io/cli/certificate?_highlight=certificates#rotating-client-and-server-certificates
i
incalculable-television-55513
06/28/2024, 1:42 AMI know that, but I find this method inefficient given the scale of my infrastructure. With six clusters and around 80 nodes, I would have to login to each node sequentially to restart the k3s process, which is quite cumbersome to me.
h
hundreds-evening-84071
06/28/2024, 2:47 AMwith that many nodes I am sure your org have some automation tools
👍 1
hundreds-evening-84071
06/28/2024, 2:49 AMyou can always create an issue on k3s github page to see if they can consider generating longer term cert
i
incalculable-television-55513
06/28/2024, 3:44 AMAll right, I would like to raise an issue on GitHub, thanks a lot
n
nutritious-tomato-14686
07/01/2024, 6:28 PMWe have no plans to expand the expiration date of our certificates. If you are managing that many nodes, using rancher for cluster managements or at least some script tooling like ansible is the recommended course of action.
➕ 2
👌 1