Coder Social home page Coder Social logo

Comments (1)

VestigeJ avatar VestigeJ commented on July 4, 2024

Reproduced using v1.30.0+k3s1

Validated using COMMIT=1661f1024a68245bf768925a326ca558f2ea527e

$ sudo mkdir -p /var/lib/rancher/k3s/server/tls;
$ sudo mkdir -p /var/lib/rancher/k3s/server/tls/etcd;
$ sudo openssl genrsa -out /var/lib/rancher/k3s/server/tls/root-ca.key 4096;
$ sudo openssl req -x509 -new -nodes -sha256 -days 360 -subj "/CN=k3s-root-ca@test" -key /var/lib/rancher/k3s/server/tls/root-ca.key -out /var/lib/rancher/k3s/server/tls/root-ca.pem;
$ curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | sudo bash -;
$ sudo INSTALL_K3S_VERSION=v1.30.0+k3s1 INSTALL_K3S_EXEC=server ./install-k3s.sh

//attention to 90 days expiry despite the certificate being created for 365 days
$ kg events --field-selector involvedObject.kind==Node

LAST SEEN   TYPE      REASON                           OBJECT                  MESSAGE
2m29s       Normal    NodePasswordValidationComplete   node/ip-ip   Deferred node password secret validation complete
2m29s       Warning   CACertificateExpirationWarning   node/ip-ip   Certificate authority certificates require attention - check k3s documentation and begin planning rotation: certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/client-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/request-header-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/peer-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z, certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 90 days at 2025-05-30T18:33:31Z
2m29s       Normal    Starting                         node/ip-ip   Starting kubelet.
2m29s       Normal    NodeHasSufficientMemory          node/ip-ip   Node ip-ip status is now: NodeHasSufficientMemory
2m29s       Normal    NodeHasNoDiskPressure            node/ip-ip   Node ip-ip status is now: NodeHasNoDiskPressure
2m29s       Normal    NodeHasSufficientPID             node/ip-ip   Node ip-ip status is now: NodeHasSufficientPID
2m28s       Normal    Starting                         node/ip-ip
2m29s       Normal    NodeAllocatableEnforced          node/ip-ip   Updated Node Allocatable limit across pods
2m28s       Normal    NodeReady                        node/ip-ip   Node ip-ip status is now: NodeReady
2m25s       Normal    Synced                           node/ip-ip   Node synced successfully
2m18s       Normal    RegisteredNode                   node/ip-ip   Node ip-ip event: Registered Node ip-ip in Controller

$ sudo mkdir -p /var/lib/rancher/k3s/server/tls;
$ sudo mkdir -p /var/lib/rancher/k3s/server/tls/etcd;
$ sudo openssl genrsa -out /var/lib/rancher/k3s/server/tls/root-ca.key 4096;
$ sudo openssl req -x509 -new -nodes -sha256 -days 360 -subj "/CN=k3s-root-ca@test" -key /var/lib/rancher/k3s/server/tls/root-ca.key -out /var/lib/rancher/k3s/server/tls/root-ca.pem;
$ curl -sL https://github.com/k3s-io/k3s/raw/master/contrib/util/generate-custom-ca-certs.sh | sudo bash -;
$ COMMIT=1661f1024a68245bf768925a326ca558f2ea527e
$ sudo INSTALL_K3S_COMMIT=$COMMIT INSTALL_K3S_EXEC=server ./install-k3s.sh

//attention to 365 days
$ kg events --field-selector involvedObject.kind==Node

LAST SEEN   TYPE      REASON                           OBJECT                  MESSAGE
11s         Normal    NodePasswordValidationComplete   node/ip-ip   Deferred node password secret validation complete
11s         Warning   CACertificateExpirationWarning   node/ip-ip   Certificate authority certificates require attention - check k3s documentation and begin planning rotation: certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/client-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/request-header-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/peer-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z, certificate-authority/server-ca.crt: certificate CN=k3s-root-ca@test will expire within 365 days at 2025-05-30T18:40:12Z
11s         Normal    Starting                         node/ip-ip   Starting kubelet.
11s         Warning   InvalidDiskCapacity              node/ip-ip   invalid capacity 0 on image filesystem
11s         Normal    NodeHasSufficientMemory          node/ip-ip   Node ip-ip status is now: NodeHasSufficientMemory
11s         Normal    NodeHasNoDiskPressure            node/ip-ip   Node ip-ip status is now: NodeHasNoDiskPressure
11s         Normal    NodeHasSufficientPID             node/ip-ip   Node ip-ip status is now: NodeHasSufficientPID
11s         Normal    NodeAllocatableEnforced          node/ip-ip   Updated Node Allocatable limit across pods
10s         Normal    NodeReady                        node/ip-ip   Node ip-ip status is now: NodeReady
10s         Normal    Starting                         node/ip-ip
8s          Normal    Synced                           node/ip-ip   Node synced successfully

from k3s.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.