Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Requesting to add a configuration setting for how long k3s certificates are good for #561

Open
emrys90 opened this issue Mar 16, 2025 · 3 comments

Comments

@emrys90
Copy link

emrys90 commented Mar 16, 2025

I rarely restart my production cluster, so every year I will run into the expired certificate problem. K3S does appear to have a customizable setting for how long until expiration, which I would want to set to 10+ years or something.
https://github.com/rancher/dynamiclistener/blob/master/README.md

Here is the discussion where I learned of this setting:
k3s-io/k3s#3253

@vitobotta
Copy link
Owner

I'll take a note to apply this setting, but it's not a good practice not to update a cluster in a year. I update my clusters every 1-2 months and the certificates get rotated automatically that way, so I have never had this problem.

@emrys90
Copy link
Author

emrys90 commented Mar 17, 2025

I try and take a don't fix what's not broken approach. If my production servers are running fine, I don't want to risk updating them and causing potential downtime.

@vitobotta
Copy link
Owner

I understand what you mean, but with Kubernetes it's always best not to wait for too long between upgrades because it evolves very quickly so there is a high chance to run into issues with incompatible software etc if you don't upgrade your clusters for a very long time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants