How do I set the certificate for k8s to more than 1 year?

  docker, kubectl, kubernetes, kubernetes-pod, ssl

I’m a novice k8s engineer.
Until now, I have managed the k8s certificate by manually renewing it once a year.

However, I became curious about how to set the certificates below for more than 1 year in the first place.

[[email protected] ~]# kubeadm alpha certs check-expiration

CERTIFICATE                EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
admin.conf                 May 21, 2022 01:29 UTC   311d            no      
apiserver                  May 21, 2022 01:29 UTC   311d            no      
apiserver-etcd-client      May 21, 2022 01:29 UTC   311d            no      
apiserver-kubelet-client   May 21, 2022 01:29 UTC   311d            no      
controller-manager.conf    May 21, 2022 01:29 UTC   311d            no      
etcd-healthcheck-client    May 21, 2022 01:29 UTC   311d            no      
etcd-peer                  May 21, 2022 01:29 UTC   311d            no      
etcd-server                May 21, 2022 01:29 UTC   311d            no      
front-proxy-client         May 21, 2022 01:29 UTC   311d            no      
scheduler.conf             May 21, 2022 01:29 UTC   311d            no      

Can these certificates be extended by more than a year? (nearly 10 years..?)

k8s version is 1.16

I can use a private certificate. It doesn’t matter which way.
(There is a limit to searching because I am not good at English.)

Please tell me how to renew the K8s certificate(api..) only once every 10 years!

Source: Docker Questions

LEAVE A COMMENT