diff --git a/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md b/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md index e45f9fd710f..aa817ecd9f0 100644 --- a/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md @@ -3,12 +3,8 @@ title: Certificate Rotation weight: 2040 --- -_Available as of v2.2.0_ - By default, Kubernetes clusters require certificates and Rancher launched Kubernetes clusters automatically generate certificates for the Kubernetes components. Rotating these certificates is important before the certificates expire as well as if a certificate is compromised. After the certificates are rotated, the Kubernetes components are automatically restarted. -> **Note:** Even though the RKE CLI can use custom certificates for the Kubernetes cluster components, Rancher currently doesn't allow the ability to upload these in Rancher Launched Kubernetes clusters. - Certificates can be rotated for the following services: - etcd @@ -18,6 +14,11 @@ Certificates can be rotated for the following services: - kube-scheduler - kube-controller-manager + +### Certificate Rotation in Rancher v2.2.x + +_Available as of v2.2.0_ + Rancher launched Kubernetes clusters have the ability to rotate the auto-generated certificates through the UI. 1. In the **Global** view, navigate to the cluster that you want to rotate certificates. @@ -32,3 +33,24 @@ Rancher launched Kubernetes clusters have the ability to rotate the auto-generat 4. Click **Save**. **Results:** The selected certificates will be rotated and the related services will be restarted to start using the new certificate. + +> **Note:** Even though the RKE CLI can use custom certificates for the Kubernetes cluster components, Rancher currently doesn't allow the ability to upload these in Rancher Launched Kubernetes clusters. + + +### Certificate Rotation in Rancher v2.1.x and v2.0.x + +_Available as of v2.1.14 and v2.0.9_ + +Rancher launched Kubernetes clusters have the ability to rotate the auto-generated certificates through the API. + +1. In the **Global** view, navigate to the cluster that you want to rotate certificates. + +2. Select the **Ellipsis (...) > View in API**. + +3. Click on **RotateCertificates**. + +4. Click on **Show Request**. + +5. Click on **Send Request**. + +**Results:** All kubernetes certificates will be rotated.