This message was deleted.
# k3sa
adamant-kite-43734
02/21/2023, 9:27 AMThis message was deleted.
c
creamy-pencil-82913
02/21/2023, 9:30 AMThat is just for the CA certs. The client and server certs are still only valid for a year.
c
cold-rain-40382
02/21/2023, 9:32 AMThanks @creamy-pencil-82913 can i create those myself as well with similar expiration? If so do you know where to find examples of where its done in the installer script
c
creamy-pencil-82913
02/21/2023, 9:34 AMNot easily. There are a lot of them and we don't have any instructions covering that as it's not something that we generally recommend hand-rolling. If you're not patching, just schedule the k3s service to restart once a month and you should be fine.
creamy-pencil-82913
02/21/2023, 9:35 AMRestarting k3s won't take your workload down, if that's what you're concerned about
c
cold-rain-40382
02/21/2023, 9:36 AMyes that was my concern. how does that work if i have incoming requests?
c
creamy-pencil-82913
02/21/2023, 9:36 AMRequests to what
c
cold-rain-40382
02/21/2023, 9:37 AMservices runing within k3s
c
creamy-pencil-82913
02/21/2023, 9:39 AMAll the pods keep running. The iptables rules routing traffic remain in place. Your workload shouldn't be affected at all by restating it. I would do some testing to see what the impact of a restart actually is before you do a bunch of work to try to extend the cert validity by hand when the restarts are unlikely to cause even a blip in your apps.
🙌 1
c
cold-rain-40382
02/21/2023, 9:43 AMAh thanks that makes total sense. Thanks for all the help @creamy-pencil-82913 🤩
4 Views