kingsd041/k3s-certs.txt

## k3s-certs.txt
## Custom lifetime of certs
cat << EOF > /etc/default/k3s
CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650
EOF

curl -sfL https://get.k3s.io |  sh -

## Check certs
for i in `ls /var/lib/rancher/k3s/server/tls/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done

for i in `ls /var/lib/rancher/k3s/server/tls/*/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done

for i in `ls /var/lib/rancher/k3s/agent/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done

## K3s API
kubectl get secret -n kube-system k3s-serving -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -text
openssl s_client -connect localhost:6443 </dev/null 2>/dev/null | openssl x509 -enddate -noout
cat /var/lib/rancher/k3s/server/tls/dynamic-cert.json
	## Custom lifetime of certs
	cat << EOF > /etc/default/k3s
	CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650
	EOF

	curl -sfL https://get.k3s.io \| sh -

	## Check certs
	for i in `ls /var/lib/rancher/k3s/server/tls/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done

	for i in `ls /var/lib/rancher/k3s/server/tls//.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done

	for i in `ls /var/lib/rancher/k3s/agent/*.crt`; do echo $i; openssl x509 -enddate -noout -in $i; done

	## K3s API
	kubectl get secret -n kube-system k3s-serving -o jsonpath='{.data.tls\.crt}' \| base64 -d \| openssl x509 -noout -text
	openssl s_client -connect localhost:6443 </dev/null 2>/dev/null \| openssl x509 -enddate -noout
	cat /var/lib/rancher/k3s/server/tls/dynamic-cert.json