From 269d3e39ac5e649f2ba3889e884b81c56cdbf4b9 Mon Sep 17 00:00:00 2001 From: galal-hussein Date: Tue, 9 Apr 2019 00:13:13 +0200 Subject: [PATCH 1/2] Rotate Certificates docs for 2.1 and 2.0 --- .../certificate-rotation/_index.md | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md b/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md index e45f9fd710f..13744ef7835 100644 --- a/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md @@ -32,3 +32,28 @@ Rancher launched Kubernetes clusters have the ability to rotate the auto-generat 4. Click **Save**. **Results:** The selected certificates will be rotated and the related services will be restarted to start using the new certificate. + +_Certificate Rotation for v2.1.14 and v2.0.9_ + +Certificate Rotation for all services was backported to **v2.1.14** and **v2.0.9**, the following services will be rotated: + +- etcd +- kubelet +- kube-apiserver +- kube-proxy +- kube-scheduler +- kube-controller-manager + +Certificates can be rotated through the API using the following steps: + +1. In the **Global** view, navigate to the cluster that you want to rotate certificates. + +2. Select the **Ellipsis (...) > View in API**. + +3. Click on **RotateCertificates**. + +4. Click on **Show Request**. + +5. Click on **Send Request**. + +**Results:** All kubernetes certificates will be rotated. From b9cff79792a8411d70972ea582baf1e4a4329cba Mon Sep 17 00:00:00 2001 From: Alena Prokharchyk Date: Tue, 23 Apr 2019 13:49:29 -0700 Subject: [PATCH 2/2] Update _index.md --- .../certificate-rotation/_index.md | 23 ++++++++----------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md b/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md index 13744ef7835..aa817ecd9f0 100644 --- a/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md +++ b/content/rancher/v2.x/en/cluster-admin/certificate-rotation/_index.md @@ -3,12 +3,8 @@ title: Certificate Rotation weight: 2040 --- -_Available as of v2.2.0_ - By default, Kubernetes clusters require certificates and Rancher launched Kubernetes clusters automatically generate certificates for the Kubernetes components. Rotating these certificates is important before the certificates expire as well as if a certificate is compromised. After the certificates are rotated, the Kubernetes components are automatically restarted. -> **Note:** Even though the RKE CLI can use custom certificates for the Kubernetes cluster components, Rancher currently doesn't allow the ability to upload these in Rancher Launched Kubernetes clusters. - Certificates can be rotated for the following services: - etcd @@ -18,6 +14,11 @@ Certificates can be rotated for the following services: - kube-scheduler - kube-controller-manager + +### Certificate Rotation in Rancher v2.2.x + +_Available as of v2.2.0_ + Rancher launched Kubernetes clusters have the ability to rotate the auto-generated certificates through the UI. 1. In the **Global** view, navigate to the cluster that you want to rotate certificates. @@ -33,18 +34,14 @@ Rancher launched Kubernetes clusters have the ability to rotate the auto-generat **Results:** The selected certificates will be rotated and the related services will be restarted to start using the new certificate. -_Certificate Rotation for v2.1.14 and v2.0.9_ +> **Note:** Even though the RKE CLI can use custom certificates for the Kubernetes cluster components, Rancher currently doesn't allow the ability to upload these in Rancher Launched Kubernetes clusters. -Certificate Rotation for all services was backported to **v2.1.14** and **v2.0.9**, the following services will be rotated: -- etcd -- kubelet -- kube-apiserver -- kube-proxy -- kube-scheduler -- kube-controller-manager +### Certificate Rotation in Rancher v2.1.x and v2.0.x -Certificates can be rotated through the API using the following steps: +_Available as of v2.1.14 and v2.0.9_ + +Rancher launched Kubernetes clusters have the ability to rotate the auto-generated certificates through the API. 1. In the **Global** view, navigate to the cluster that you want to rotate certificates.