Requesting to add a configuration setting for how long k3s certificates are good for #561
Comments
|
I'll take a note to apply this setting, but it's not a good practice not to update a cluster in a year. I update my clusters every 1-2 months and the certificates get rotated automatically that way, so I have never had this problem. |
|
I try and take a don't fix what's not broken approach. If my production servers are running fine, I don't want to risk updating them and causing potential downtime. |
|
I understand what you mean, but with Kubernetes it's always best not to wait for too long between upgrades because it evolves very quickly so there is a high chance to run into issues with incompatible software etc if you don't upgrade your clusters for a very long time. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I rarely restart my production cluster, so every year I will run into the expired certificate problem. K3S does appear to have a customizable setting for how long until expiration, which I would want to set to 10+ years or something.
https://github.com/rancher/dynamiclistener/blob/master/README.md
Here is the discussion where I learned of this setting:
k3s-io/k3s#3253
The text was updated successfully, but these errors were encountered: