From 086ce57feaff05ea5cd4b8e35d487e004a31b8b9 Mon Sep 17 00:00:00 2001 From: dmaiocchi Date: Mon, 11 Feb 2019 14:04:27 +0100 Subject: [PATCH] Add some details about certs --- .../docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md index 436b6ccfbd302..3422c4d3cdb75 100644 --- a/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md +++ b/content/en/docs/tasks/administer-cluster/kubeadm/kubeadm-certs.md @@ -23,9 +23,12 @@ You should be familiar with [PKI certificates and requirements in Kubernetes](/d ## Renew certificates with the certificates API -Kubeadm can renew certificates with the `kubeadm alpha certs renew` commands. +The Kubernetes certificates reach normally their expiration date after 1 Year. + +Kubeadm can renew certificates with the `kubeadm alpha certs renew` commands; you should run this command on Master only. Typically this is done by loading on-disk CA certificates and keys and using them to issue new certificates. + This approach works well if your certificate tree is self-contained. However, if your certificates are externally managed, you might need a different approach.