How to test certificate rotation

Jump to bottom

Cesar Celis Hernandez edited this page Sep 15, 2023 · 3 revisions

How to test certificate rotation:

Change --cluster-signing-duration from 1 year to 15 minutes:

How to change kube-controller-manager in kubernetes

Deploy Operator
Deploy Tenant
Observe how the tenant tls secret gets rotated every 15 minutes or so:

From:

        Validity
            Not Before: Sep 15 13:33:42 2023 GMT
            Not After : Sep 15 13:53:42 2023 GMT

To:

        Validity
            Not Before: Sep 15 13:47:31 2023 GMT
            Not After : Sep 15 14:07:31 2023 GMT

Additional information:

For reading/decoding a cert, use openssl commands like:

openssl x509 -in public-2.crt -text

Clone this wiki locally