1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
| root@rke2-cilium-01:~# kubectl get secret -n kube-system rke2-serving -o jsonpath='{.data.tls\.crt}' | base64 -d | openssl x509 -noout -text | grep Not Not Before: Nov 13 07:09:59 2024 GMT Not After : Apr 9 10:44:08 2026 GMT root@rke2-cilium-01:~# rke2 certificate check INFO[0000] Server detected, checking agent and server certificates INFO[0000] Checking certificates for cloud-controller INFO[0000] /var/lib/rancher/rke2/server/tls/client-rke2-cloud-controller.crt: certificate CN=rke2-cloud-controller-manager is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-rke2-cloud-controller.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for supervisor INFO[0000] /var/lib/rancher/rke2/server/tls/client-supervisor.crt: certificate CN=system:rke2-supervisor,O=system:masters is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-supervisor.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for kubelet INFO[0000] /var/lib/rancher/rke2/agent/client-kubelet.crt: certificate CN=system:node:rke2-cilium-01,O=system:nodes is ok, expires at 2026-06-13T06:03:07Z INFO[0000] /var/lib/rancher/rke2/agent/client-kubelet.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] /var/lib/rancher/rke2/agent/serving-kubelet.crt: certificate CN=rke2-cilium-01 is ok, expires at 2026-06-13T06:03:06Z INFO[0000] /var/lib/rancher/rke2/agent/serving-kubelet.crt: certificate CN=rke2-server-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for etcd INFO[0000] /var/lib/rancher/rke2/server/tls/etcd/client.crt: certificate CN=etcd-client is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/etcd/client.crt: certificate CN=etcd-server-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/etcd/server-client.crt: certificate CN=etcd-server is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/etcd/server-client.crt: certificate CN=etcd-server-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/etcd/peer-server-client.crt: certificate CN=etcd-peer is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/etcd/peer-server-client.crt: certificate CN=etcd-peer-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for scheduler INFO[0000] /var/lib/rancher/rke2/server/tls/client-scheduler.crt: certificate CN=system:kube-scheduler is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-scheduler.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for kube-proxy INFO[0000] /var/lib/rancher/rke2/agent/client-kube-proxy.crt: certificate CN=system:kube-proxy is ok, expires at 2026-06-13T06:03:07Z INFO[0000] /var/lib/rancher/rke2/agent/client-kube-proxy.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for rke2-controller INFO[0000] /var/lib/rancher/rke2/agent/client-rke2-controller.crt: certificate CN=system:rke2-controller is ok, expires at 2026-06-13T06:03:07Z INFO[0000] /var/lib/rancher/rke2/agent/client-rke2-controller.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for api-server INFO[0000] /var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt: certificate CN=system:apiserver,O=system:masters is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-kube-apiserver.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/serving-kube-apiserver.crt: certificate CN=kube-apiserver is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/serving-kube-apiserver.crt: certificate CN=rke2-server-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for admin INFO[0000] /var/lib/rancher/rke2/server/tls/client-admin.crt: certificate CN=system:admin,O=system:masters is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-admin.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for auth-proxy INFO[0000] /var/lib/rancher/rke2/server/tls/client-auth-proxy.crt: certificate CN=system:auth-proxy is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-auth-proxy.crt: certificate CN=rke2-request-header-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z INFO[0000] Checking certificates for controller-manager INFO[0000] /var/lib/rancher/rke2/server/tls/client-controller.crt: certificate CN=system:kube-controller-manager is ok, expires at 2026-05-22T02:21:59Z INFO[0000] /var/lib/rancher/rke2/server/tls/client-controller.crt: certificate CN=rke2-client-ca@1731481799 is ok, expires at 2034-11-11T07:09:59Z
|