
Renew Certificates for Airgap Clusters

Kubernetes uses SSL certificates to secure communication between the components of a cluster. These certificates allow Kubernetes to secure API connections, verify the authenticity of nodes, and encrypt connections. All certificates have an expiry date and need to be renewed periodically.

This page guides you through the methods you can use to renew certificates in an airgapped Palette Edge cluster. An airgapped cluster is a cluster that has no connection to a Palette instance. For information on how to renew certificates on connected Edge clusters, refer to Renew Cluster PKI Certificates.

Limitations

  • The procedure described in this guide only renews certificates for control plane nodes. Certificate renewal for worker nodes is not supported.
  • The certificates used are generated by Kubernetes. You cannot use your own certificates.

Automatic Renewal

Palette Edge automatically renews all control plane certificates your cluster uses 30 days before they expire. You can follow the steps below to check when the next automatic renewal will happen.

Prerequisites

  • You have an active cluster in an airgapped Edge host.
  • You have access to Local UI for the Edge host. For more information, refer to Access Local UI.

Check Next Auto Renewal Time

  1. Log in to Local UI.

  2. From the left Main Menu, select Cluster.

  3. Select the Overview tab on the Cluster page.

  4. In Overview, click View Certificates in the Kubernetes Certificates row. This will display all the certificates currently in use by your cluster.

  5. The next renewal time for your certificates, which is 30 days before the expiry date, is displayed at the top of the pop-up box.

Validate

In Overview, click View Certificates in the Kubernetes Certificates row. This will display all the certificates currently in use by your cluster. You can confirm that the certificates have been renewed by looking at the expiry dates of the certificates. The issue date of the certificates will not change after certificate renewal.
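For a check that does not depend on Local UI, the following added example (not part of Palette or its documentation) computes the 30-day renewal point from certificate expiry times and confirms a renewal by comparing expiry dates only, since the issue date does not change. It assumes you collect each expiry with `openssl x509 -noout -enddate`, and that the earliest expiry determines the next renewal; the certificate names and dates are constructed.

```python
import ssl
from datetime import datetime, timedelta, timezone

RENEW_BEFORE = timedelta(days=30)  # renewal lead time stated on this page

def parse_enddate(line):
    """Parse 'notAfter=Mar  5 12:00:00 2026 GMT' into an aware UTC datetime."""
    value = line.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def next_auto_renewal(expiries):
    """Assumption: the earliest expiry determines the next automatic renewal."""
    return min(expiries.values()) - RENEW_BEFORE

def renewal_status(expiries, now):
    """Classify each certificate relative to its 30-day renewal window."""
    status = {}
    for name, not_after in expiries.items():
        if now >= not_after:
            status[name] = "expired"
        elif now >= not_after - RENEW_BEFORE:
            status[name] = "in-renewal-window"  # renewal should already have run
        else:
            status[name] = "ok"
    return status

def renewed(before, after):
    """Names whose expiry moved later; the issue date is deliberately ignored."""
    return sorted(n for n in before if n in after and after[n] > before[n])

# Constructed sample data: certificate name -> `openssl x509 -enddate` output.
BEFORE = {
    "apiserver": "notAfter=Mar  5 12:00:00 2026 GMT",
    "etcd-server": "notAfter=Mar  5 12:00:05 2026 GMT",
}
AFTER = {
    "apiserver": "notAfter=Feb 10 09:30:00 2027 GMT",
    "etcd-server": "notAfter=Mar  5 12:00:05 2026 GMT",  # unchanged: not renewed
}

if __name__ == "__main__":
    before = {n: parse_enddate(v) for n, v in BEFORE.items()}
    after = {n: parse_enddate(v) for n, v in AFTER.items()}
    now = datetime(2026, 2, 10, 9, 0, tzinfo=timezone.utc)
    print("next auto renewal:", next_auto_renewal(before).isoformat())
    print("status:", renewal_status(before, now))
    print("renewed:", renewed(before, after))
```

A certificate that stays in `in-renewal-window` or appears in neither the renewed list nor the `ok` state after a renewal attempt is the one to investigate before it expires.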

Manual Renewal

You can also manually renew your certificates whenever you want. You can do this through Local UI or through the Edge Management API.

Prerequisites

  • You have an active cluster in an airgapped Edge host.
  • You have access to Local UI for the Edge host. For more information, refer to Access Local UI.

Manually Renew Certificates

  1. Log in to Local UI.

  2. From the left Main Menu, select Cluster.

  3. Select the Overview tab on the Cluster page.

  4. In Overview, click View Certificates in the Kubernetes Certificates row. This will display all the certificates currently in use by your cluster.

  5. Click Renew to renew all certificates used by the cluster.

Validate

In Overview, click View Certificates in the Kubernetes Certificates row. This will display all the certificates currently in use by your cluster. You can confirm that the certificates have been renewed by looking at the expiry dates of the certificates. The issue date of the certificates will not change after certificate renewal.