This message was deleted.
# k3s
a
This message was deleted.
c
That is just for the CA certs. The client and server certs are still only valid for a year.
c
Thanks @creamy-pencil-82913 can i create those myself as well with similar expiration? If so do you know where to find examples of where its done in the installer script
c
Not easily. There are a lot of them and we don't have any instructions covering that as it's not something that we generally recommend hand-rolling. If you're not patching, just schedule the k3s service to restart once a month and you should be fine.
Restarting k3s won't take your workload down, if that's what you're concerned about
c
yes that was my concern. how does that work if i have incoming requests?
c
Requests to what
c
services runing within k3s
c
All the pods keep running. The iptables rules routing traffic remain in place. Your workload shouldn't be affected at all by restating it. I would do some testing to see what the impact of a restart actually is before you do a bunch of work to try to extend the cert validity by hand when the restarts are unlikely to cause even a blip in your apps.
🙌 1
c
Ah thanks that makes total sense. Thanks for all the help @creamy-pencil-82913 🤩