What to do if the kURL registry certificates have expired

Xav_Paice · September 7, 2022, 5:01am

If you are unable to retrieve images from the kURL registry, it’s possible that the certificates have expired. These are automatically rotated in modern versions of ekco, but if you’re running older versions, it’s possible that rotation is necessary. You can look to see if the kURL registry certificates are expired when running:

kubectl -n kurl get secret registry-pki -o=jsonpath='{.data.registry\.crt}' | base64 -d | openssl x509 -noout -dates

You can use the following script to rotate the certificates:

gist.github.com

https://gist.github.com/divolgin/2bafb7d42a66d6f6bda8800e7b305e1e

secret.sh

#!/bin/bash

set -e

bail() {
    printf "${RED}$1${NC}\n" 1>&2
    exit 1
}

function registry_pki_secret() {

This file has been truncated. show original

Topic		Replies	Views
kURL: How to manually rotate an expired certificate for Envoy Supporting your customers kurl , contour , envoy , certificates , tls	0	835	July 26, 2022
Error running installation script (the certificate has expired for etcd-server) Troubleshooting	5	823	January 6, 2022
How to access the registry embedded with kURL How do I? kurl	0	295	August 3, 2022
How do I browse the embedded docker registry? How do I? kurl , registry	4	257	October 21, 2022
Ctr: snapshot "bootstrap-lb": already exists Supporting your customers kurl	0	255	January 30, 2023

What to do if the kURL registry certificates have expired

Related Topics