https://rancher.com/ logo
#general
Title
# general
a

able-window-95223

10/05/2022, 1:15 AM
Hello here, does anybody know if the kube-apiserver server certificate should be automatically rotated in rancher? If so, any thoughts on what could cause it to not rotate? I have cluster run on a rancher console 2.5.8 and woke this morning to an error like this:
x509: certificate has expired or is not yet valid
. I was able to rotate the cert through UI, but I wonder what could have caused it to not rotate. This is a cluster provisioned through terraform.
l

limited-pizza-33551

10/06/2022, 10:36 AM
Hey Abdoul, per the documentation it does seem that the certificates get generated but you have to manually rotate them via the UI - https://docs.ranchermanager.rancher.io/v2.5/how-to-guides/advanced-user-guides/manage-clusters/rotate-certificates
a

able-window-95223

10/06/2022, 1:27 PM
Yea @limited-pizza-33551. I did see that! What's not clicking for me is that I have a fleet of 20 clusters that I manage and this is the very first time I am having to do to rotate the kube-apiserver cert manually. Granted the cluster this happened on is low traffic and never had a scale up and down activity since creation. Do you know if certain operations such as adding or removing nodes for example can trigger the cert rotation?
3 Views