A script to extend Kubernetes kubeadm-generated certificate expiration dates to 10 years and generate 100-year certificates for new clusters.
K8s 集群证书过期处理,更新 kubeadm 生成的证书有效期为 10 年; 为新集群生成 100 年证书支持全部版本。A tool to update and extend Kubernetes certificate expiration dates to 10 years. Generate 100 years certificates for new Kubernetes cluster
This tool is used by Kubernetes administrators to manage and renew expiring certificates in kubeadm-initiated clusters, preventing service disruptions due to certificate expiration. It is especially useful for extending certificate validity in existing clusters and generating long-lived CA certificates for new Kubernetes deployments.
Run this script on all control plane nodes to ensure consistent certificate renewal. It is recommended to backup existing Kubernetes configurations as the script does automatically. Ensure the container runtime is specified correctly (e.g., containerd) for successful pod restarts. Use caution when renewing certificates in production environments to avoid service interruptions.
git clone https://github.com/yuyicai/update-kube-cert.git
cd update-kube-certbash update-kubeadm-cert.sh --cri containerd
Renew certificates to 10 years on all control plane nodes using containerd as the container runtime.