YJWANG
Kubernetes secret TLS certificate renewal
First, check the expiry date of the existing certificate.
Check certificate expiry
Check the secret
[root@wyj05_deploy_0 cert]# kubectl get secrets -n https test1
NAME TYPE DATA AGE
test1 kubernetes.io/tls 2 11m
Check the certificate expiry date
[root@wyj05_deploy_0 cert]# kubectl get secret test1 -n https -o "jsonpath={.data['tls\.crt']}" | base64 -d | openssl x509 -enddate -noout
notAfter=Nov 30 08:32:54 2021 GMT
Renew the certificate
If the certificate key file is protected by a passphrase, remove the passphrase before proceeding.
# openssl rsa -in keyfile.pem -out keyfile.pem
Check the base64-encoded values of the new key and certificate
[root@wyj05_deploy_0 cert]# cat test2.key | base64 -w 0
[root@wyj05_deploy_0 cert]# cat test2.cert | base64 -w 0
Put the output of the commands above into the secret, either with kubectl edit or by modifying the manifest and applying it.
This post uses edit.
[root@wyj05_deploy_0 cert]# kubectl edit secrets -n https test1
(omitted)
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaVENDQWsyZ0F3SUJBZ0lVRGJQUEtyaFpQRGg0YjVSODlnd29ka3RpazlZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1FqRUxNQWtHQTFVRUJoTUNXRmd4RlRBVEJnTlZCQWNNREVSbFptRjFiSFFnUTJsMGVURWNNQm9HQTFVRQpDZ3dUUkdWbVlYVnNkQ0J...
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRFBLNDJSVUZPSHVtb0UKY0FZZEo3cU9qTEtkZGxkQTVDd0ZXbWlxbWNlQlZHc01UU2kzOEdYMTBJQXl2NEhPd01Fem9DVmRvNkJFcTlaNgpLVVNuVC9VakpuQmhBazhzNEs4...
(omitted)
Verify the certificate renewal
Verify the renewal
[root@wyj05_deploy_0 cert]# kubectl get secret test1 -n https -o "jsonpath={.data['tls\.crt']}" | base64 -d | openssl x509 -enddate -noout
notAfter=Dec 3 03:57:39 2021 GMT
The certificate expiry date has changed.
Nov 30 08:32:54 2021 GMT > Dec 3 03:57:39 2021 GMT
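The same procedure as a script, added here as an example and not part of the original post: it refuses a passphrase-protected key, checks that the certificate and key belong together, patches the secret from a temporary file instead of pasting base64 into an editor, and prints the new expiry date. The function names are hypothetical, and it assumes GNU base64, openssl, and a kubectl that supports --patch-file.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical;
# namespace, secret and file names in the usage line are the ones the post uses.

# Return 0 if the PEM private key is passphrase-protected (PKCS#8 or legacy header).
key_is_encrypted() {
  grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Return 0 if the certificate ($1) and private key ($2) hold the same public key.
cert_matches_key() (
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || exit 1
  key_pub=$(openssl pkey -in "$2" -pubout) || exit 1
  [ "$cert_pub" = "$key_pub" ]
)

# Print a JSON merge patch with the base64-encoded certificate ($1) and key ($2).
build_patch() {
  printf '{"data":{"tls.crt":"%s","tls.key":"%s"}}' \
    "$(base64 -w 0 < "$1")" "$(base64 -w 0 < "$2")"
}

# Validate the pair, patch the secret, then print the expiry date now stored in it.
# Arguments: namespace, secret name, certificate file, key file.
renew_tls_secret() (
  if key_is_encrypted "$4"; then
    echo "key file has a passphrase; remove it first" >&2; exit 1
  fi
  cert_matches_key "$3" "$4" || { echo "certificate and key do not match" >&2; exit 1; }
  patch=$(mktemp) || exit 1            # mktemp creates the file with mode 0600
  trap 'rm -f "$patch"' EXIT           # the patch holds the private key; always remove it
  build_patch "$3" "$4" > "$patch"
  kubectl patch secret "$2" -n "$1" --type merge --patch-file "$patch" || exit 1
  kubectl get secret "$2" -n "$1" -o "jsonpath={.data['tls\.crt']}" \
    | base64 -d | openssl x509 -enddate -noout
)

# Usage: renew_tls_secret https test1 test2.cert test2.key
```

Writing the patch to a mode-0600 temporary file keeps the private key out of the kubectl command line, where other local users could read it from the process list.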