DEV Community

Md Maruf Hossain
Md Maruf Hossain

Posted on

does kops version 1.18.3 and Kubernetes version 1.18.20 works with certificate key length 4096 or 3072 ?

I have prod cluster with kops version 1.18.3 and Kubernetes version 1.18.20. I got a request to change the certificate key length 4096 or 3072. I tried to find out the possibility to but do not find anything in google. Is there any possibility to do it on this cluster version?

Below certificates are available in master nodes
root:~# ls -lrt /etc/kubernetes/pki/kube-apiserver/ /var/lib/kubelet/pki/
/etc/kubernetes/pki/kube-apiserver/:
total 12
-rw-r--r-- 1 root root 1054 Apr 18 13:15 etcd-ca.crt
-rw------- 1 root root 1679 Apr 18 13:15 etcd-client.key
-rw-r--r-- 1 root root 1066 Apr 18 13:15 etcd-client.crt

/var/lib/kubelet/pki/:
total 8
-rw------- 1 root root 1675 Apr 18 13:19 kubelet.key
-rw-r--r-- 1 root root 2396 Apr 18 13:19 kubelet.crt

Below is available in nodes
root:~# ls -lrt /var/lib/kubelet/pki/
total 12
-rw------- 1 root root 1675 Apr 18 13:24 kubelet.key
-rw-r--r-- 1 root root 2408 Apr 18 13:24 kubelet.crt
lrwxrwxrwx 1 root root 59 Apr 18 13:24 kubelet-client-current.pem -> /var/lib/kubelet/pki/kubelet-client.pem
-rw------- 1 root root 1114 Apr 18 13:24 kubelet-client.pem

As usual s3 contains other certificates

Top comments (0)