Managed Kubernetes
Latest
Frequently Asked Questions
Solutions
How Tos
Internal Only
Templates
Powered By
Title
Message
Create new category
What is the title of your new category?
Edit page index title
What is the title of the page index?
Edit category
What is the new title of your category?
Edit link
What is the new title and URL of your link?
How to Increase the Validity of Certificate Based Kubeconfig
Copy Markdown
Open in ChatGPT
Open in Claude
Problem
How to increase the validity of certificate-based kubeconfig.
Environment
- Platform9 Managed Kubernetes - All versions
- For PMK (SaaS) support team will carry out the procedure below. Please open a Support Ticket.
- For PEC/SMCP (air-gapped), the steps can be performed from the management plane.
Procedure
How to access the Qbert Database:
- If using PEC, SSH to the management plane VM and run
mysql qbert. - If using SMCP, exec into the mysql exporter pod in the management plane cluster and run
mysql qbert.
- The default validity of certificate-based kubeconfig is 24 hours. Which is set by a parameter
certExpiryHrsin Qbert Database.
mysql
xxxxxxxxxxqbert> select id,name,uuid,status,lastOk,lastOp,taskStatus,kubeRoleVersion,certExpiryHrs from clusters\G;Example:
mysql
xxxxxxxxxxqbert> select id,name,uuid,status,lastOk,lastOp,taskStatus,kubeRoleVersion,certExpiryHrs from clusters\G;*************************** 1. row *************************** id: 2 name: cluster1 uuid: ed4153e1-0ff9-4bc0-8abb-eebad5f16e70 status: ok lastOk: 2022-03-30 09:49:16.581 lastOp: 2022-03-30 09:46:20.036 taskStatus: successkubeRoleVersion: 1.20.15-pmk.2100 certExpiryHrs: 24- To increase or decrease the validity of certificate-based kubeconfig, update the
certExpiryHrsin Qbert Database for the respective cluster.
mysql
xxxxxxxxxxqbert> update clusters set certExpiryHrs='<TIME_IN_HOURS>' where uuid='<UUID_OF_CLUSTER>';Example:
mysql
xxxxxxxxxxqbert> update clusters set certExpiryHrs='48' where uuid='ed4153e1-0ff9-4bc0-8abb-eebad5f16e70'; # mysql qbert -e "select id,name,uuid,status,lastOk,lastOp,taskStatus,kubeRoleVersion,certExpiryHrs from clusters\G"*************************** 1. row *************************** id: 2 name: cluster1 uuid: ed4153e1-0ff9-4bc0-8abb-eebad5f16e70 status: ok lastOk: 2022-03-30 09:53:37.353 lastOp: 2022-03-30 09:46:20.036 taskStatus: successkubeRoleVersion: 1.20.15-pmk.2100 certExpiryHrs: 48- After updating the Qbert Database, Check the validity of newly generated certificate-based kubeconfigs.
bash
xxxxxxxxxx# echo "<client_cert>" | base64 -d| openssl x509 -noout -datesnotBefore=Mar 30 09:57:04 2022 GMTnotAfter=Apr 1 09:57:34 2022 GMTExample:
bash
xxxxxxxxxx# echo "<client_cert>" | base64 -d| openssl x509 -noout -datesnotBefore=Mar 30 09:57:04 2022 GMTnotAfter=Apr 1 09:57:34 2022 GMTThe changes made to the Qbert Database are persistent through Cluster and Management plane upgrades.
Additional Information
Refer to the document for instructions on how to open a support ticket.
VariableType to search · ESC to discard
GlossaryType to search · ESC to discard
InsertType to search · ESC to discard
No matches
Last updated on
Was this page helpful?
Discard Changes
Do you want to discard your current changes and overwrite with the template?
Archive Synced Block
Message
Create new Template
What is this template's title?
Delete Template
Message