0

I have a Kops cluster where I want to rotate the client certificate in the kubeconfig. I read and follow https://kops.sigs.k8s.io/operations/rotate-secrets/, but the certificate in the kubeconfig is still valid.

I check kops get keypair kubecfg and see the kubecfg keypair is not rotated. If I try kops create keypair kubecfg, I get this error

Error: adding keypair to "kubecfg" is not supported

Can anyone please help? Thanks a lot in advance.

thenewasker
  • 125
  • 2
  • 8
  • What `kops` version are you running? The command `kops version`, will display this information. – Andrew Skorkin Feb 14 '22 at 19:27
  • latest one, 1.22.3 – thenewasker Feb 15 '22 at 20:09
  • 1
    You mentioned this command `kops get keypair kubecfg` Did you create `kubecfg` keypair previously? – Andrew Skorkin Feb 16 '22 at 23:19
  • Hi, I think I understand now. It seems that `kubecfg` was not created by Kops but someone did it manually – thenewasker Feb 19 '22 at 21:19
  • So, if you try `kops get keypair`, you can see in the output keypair with `kubecfg` name, am I right? Is there any progress with the problem? – Andrew Skorkin Feb 21 '22 at 08:39
  • No, I ended up migrated to a new (EKS) cluster, since the cert rotation from Kops somehow didn't work stably. Anyway, I think this `kubecfg` was created manually but someone in my team accidentally. `kops get keypair` only returns key's metadata, not its content. – thenewasker Feb 22 '22 at 09:05

0 Answers0