What is the equivalent command of "kubeadm certs check-expiration" for a Kubernetes cluster running in Azure?

Shyam Bollu 0 Reputation points
2024-07-09T22:06:32.0866667+00:00

What is the equivalent command of "kubeadm certs check-expiration" for a Kubernetes cluster running in Azure?

Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.

1 answer

  1. hossein jalilian 5,560 Reputation points
    2024-07-09T22:15:55.8+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    There isn't a direct equivalent to the kubeadm certs check-expiration command. You can still check the status and expiration of certificates in an AKS cluster using the following methods:

    • Check the overall cluster status:
        az aks show --name <cluster-name> --resource-group <resource-group-name> --query "privateLinkResources[].groupId"
        
      
    • Check the API server certificate:
        openssl s_client -connect <cluster-fqdn>:443 -servername <cluster-fqdn> 2>/dev/null | openssl x509 -noout -dates
        
      
    • Use kubectl to check certificate information:
        kubectl get --raw /healthz/etcd
        kubectl get --raw /healthz
      
    • Check kubelet certificate expiration:
        kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.conditions[?(@.type=="Ready")].message}{"\n"}{end}'
      

    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.

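An added example, not part of the answer above: a small Python filter that turns the `notBefore=`/`notAfter=` lines printed by the `openssl x509 -noout -dates` command from the answer into an expiry status that a scheduled job can alert on. The names `parse_dates`, `expiry_status`, the 30-day `warn_days` default and the sample dates are assumptions made for this illustration.

```python
"""Classify the output of `openssl x509 -noout -dates` (added example)."""
import sys
from datetime import datetime, timezone

OPENSSL_FMT = "%b %d %H:%M:%S %Y %Z"  # e.g. "Jul  9 22:06:32 2026 GMT"


def parse_dates(text):
    """Return {'notBefore': dt, 'notAfter': dt} as UTC-aware datetimes."""
    dates = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            parsed = datetime.strptime(value.strip(), OPENSSL_FMT)
            dates[key] = parsed.replace(tzinfo=timezone.utc)
    if "notAfter" not in dates:
        # Empty input usually means s_client never got a certificate.
        raise ValueError("no notAfter line in input")
    return dates


def expiry_status(text, now=None, warn_days=30):
    """Return (status, whole days until notAfter) for one certificate."""
    now = now or datetime.now(timezone.utc)
    dates = parse_dates(text)
    days_left = (dates["notAfter"] - now).days
    if "notBefore" in dates and now < dates["notBefore"]:
        return "NOT_YET_VALID", days_left
    if now >= dates["notAfter"]:
        return "EXPIRED", days_left
    if days_left < warn_days:
        return "WARN", days_left
    return "OK", days_left


# Constructed sample output, not taken from a real cluster.
SAMPLE = "notBefore=Jul  9 22:06:32 2024 GMT\nnotAfter=Jul  9 22:06:32 2026 GMT\n"

if __name__ == "__main__":
    if sys.argv[1:] == ["-"]:
        # Piped use: ... | openssl x509 -noout -dates | python3 check_expiry.py -
        status, days = expiry_status(sys.stdin.read())
        print(f"{status}: {days} days until notAfter")
        sys.exit(0 if status == "OK" else 1)
    # No arguments: run on the constructed sample at a fixed point in time.
    demo_now = datetime(2026, 6, 20, tzinfo=timezone.utc)
    print(expiry_status(SAMPLE, now=demo_now))
```

Run with `-` as the only argument, the script reads the piped openssl output and exits non-zero for anything other than OK, which lets a cron job or pipeline step fail on a certificate that is close to expiry.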