Rotating AKS Cluster Certificates

The problem

We checked the “Diagnose and solve problems” page and found the following:

Certificate Auto Rotation Not Available

Running kubectl against the cluster failed with an expired-certificate error:

kubectl get pods -A
Unable to connect to the server: x509: certificate has expired or is not yet valid

The Solution

To fix the expired certificate issue, we need to rotate the certificates “manually” with the following az CLI command:

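az aks rotate-certs -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME

The rotation also replaces the cluster CA, so the existing kubeconfig no longer trusts the API server and kubectl fails with:

Unable to connect to the server: x509: certificate signed by unknown authority<..>

Refresh the local credentials and check the nodes again:

az aks get-credentials -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME --overwrite-existing
kubectl get nodes
NAME                           STATUS   ROLES   AGE   VERSION
aks-linux-XXXXXXX-vmss000004   Ready    agent   51d   v1.20.9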
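
To catch an expiry before kubectl starts failing, the certificates embedded in a kubeconfig (cluster CA and client certificate) can be checked ahead of time. The script below is an added example, not part of the original post; the function names and the sample kubeconfig are constructed, and it assumes openssl, awk and base64 are installed.

```shell
#!/usr/bin/env bash
# Added example: flag certificates embedded in a kubeconfig that expire soon.

# Print "<field> ok|expiring <notAfter>" per embedded certificate.
# Returns 0 if all are fine, 1 if any expires within warn_days, 2 on parse errors.
kubeconfig_cert_report() {
  local kubeconfig="$1" warn_days="${2:-30}" field b64 pem end rc=0
  for field in certificate-authority-data client-certificate-data; do
    # First value of the field only (single-cluster kubeconfig assumed).
    b64=$(awk -v k="$field:" '$1 == k { print $2; exit }' "$kubeconfig")
    [ -n "$b64" ] || continue   # e.g. token-based users carry no client cert
    pem=$(printf '%s' "$b64" | base64 -d) || return 2
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate) || return 2
    # -checkend exits non-zero when the cert expires within N seconds.
    if printf '%s\n' "$pem" |
        openssl x509 -noout -checkend "$((warn_days * 86400))" >/dev/null; then
      echo "$field ok ${end#notAfter=}"
    else
      echo "$field expiring ${end#notAfter=}"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: a throwaway self-signed cert (valid 10 days) wrapped in a
# minimal kubeconfig-shaped file, so the check can be tried offline.
make_sample_kubeconfig() {
  local dir b64
  dir=$(mktemp -d) || return 2
  openssl req -x509 -newkey rsa:2048 -nodes -days 10 -subj "/CN=sample" \
    -keyout "$dir/key.pem" -out "$dir/crt.pem" 2>/dev/null || return 2
  b64=$(base64 < "$dir/crt.pem" | tr -d '\n')
  printf 'clusters:\n- cluster:\n    certificate-authority-data: %s\n' "$b64" > "$dir/config"
  printf 'users:\n- user:\n    client-certificate-data: %s\n' "$b64" >> "$dir/config"
  echo "$dir/config"
}
```

Run `kubeconfig_cert_report ~/.kube/config 30` from a scheduled job and alert on a non-zero exit status.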

Update:

I was checking the client cluster after 2 days, and I could see that the upgrade really fixed and enabled the auto rotation feature:

Rafael Medeiros

DevOps Engineer | 3x Azure | Terraform Certified | MCT | Security+ | Talks about cloud, IaC, security and other IT stuff