@niusmallnan
Last active May 12, 2023 01:57
K3s Certificates
## Custom lifetime of certs
## Requires rancher/dynamiclistener >= v0.3.4
## https://github.com/rancher/dynamiclistener/commit/7b5997cee90b9b0fea9dc8e79df3c82976a2d378
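## Write the env files before K3s is installed or started: the value (3650 days, roughly 10 years)
## applies to certificates signed from then on; already-issued certificates keep their expiry.
cat << EOF > /etc/default/k3s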
CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650
EOF
cat << EOF > /etc/default/k3s-agent
CATTLE_NEW_SIGNED_CERT_EXPIRATION_DAYS=3650
EOF
## Install via https://docs.k3s.io/quick-start
## Check certs
## Print the notAfter date of each cert; globs are used directly (no `ls` parsing) and paths are quoted
for i in /var/lib/rancher/k3s/server/tls/*.crt; do echo "$i"; openssl x509 -enddate -noout -in "$i"; done
for i in /var/lib/rancher/k3s/server/tls/*/*.crt; do echo "$i"; openssl x509 -enddate -noout -in "$i"; done
for i in /var/lib/rancher/k3s/agent/*.crt; do echo "$i"; openssl x509 -enddate -noout -in "$i"; done
## K3s API
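## Serving cert as stored in the k3s-serving secret
kubectl get secret -n kube-system k3s-serving -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -text
## Serving cert actually presented on the API port
openssl s_client -connect localhost:6443 </dev/null 2>/dev/null | openssl x509 -enddate -noout
## On-disk copy of the serving cert secret; it includes the private key (tls.key), so treat the output as sensitive
cat /var/lib/rancher/k3s/server/tls/dynamic-cert.json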