RKE2 1.31.7 (RPM install) on RHEL9.4
I am getting ...
# rke2h
hundreds-evening-84071
04/10/2025, 11:26 PMRKE2 1.31.7 (RPM install) on RHEL9.4
I am getting this in events:
Copy code
Node certificates require attention - restart rke2 on this node to trigger automatic rotation:systemctl restart rke2-serverhundreds-evening-84071
04/10/2025, 11:29 PMor perhaps I should give it some time and check it after few minutes
c
creamy-pencil-82913
04/10/2025, 11:48 PMWhat are you seeing that indicates it did not rotate the certs?
creamy-pencil-82913
04/10/2025, 11:48 PMIf this is an agent, you may need to check for similar events on server nodes, and rotate (or restart) those first. Some certs are only regenerated on server restart.
h
hundreds-evening-84071
04/10/2025, 11:53 PMits just the cluster events that is showing that
hundreds-evening-84071
04/10/2025, 11:55 PMthis is the message:
Copy code
Node certificates require attention - restart rke2 on this node to trigger automatic rotation: kube-proxy/client-kube-proxy.crt: certificate CN=system:kube-proxy will expire within 90 days at 2025-06-21T22:27:52Z, rke2-controller/client-rke2-controller.crt: certificate CN=system:rke2-controller will expire within 90 days at 2025-06-21T22:27:52Zhundreds-evening-84071
04/10/2025, 11:55 PMand this exact event is for all 3 nodes
c
creamy-pencil-82913
04/10/2025, 11:57 PMthe event doesn’t go away just because the cert is updated. The event happened, and it will continue to have happened until the event resource expires and is deleted 1 hour after creation.
creamy-pencil-82913
04/10/2025, 11:58 PMWe don’t emit an “all certs are OK” event, so you’ll just see that event eventually disappear after it expires.
h
hundreds-evening-84071
04/10/2025, 11:58 PMoh! thank you I will check back
c
creamy-pencil-82913
04/11/2025, 2:15 AMI created https://github.com/k3s-io/k3s/issues/12107 to track this as an enhancement
h
hundreds-evening-84071
04/11/2025, 2:15 PMthank you! for all that you do for us users
Happy Friday
11 Views