What to do if the kURL registry certificates have expired

If you are unable to retrieve images from the kURL registry, it’s possible that the certificates have expired. These are automatically rotated in modern versions of ekco, but if you’re running older versions, it’s possible that rotation is necessary. You can look to see if the kURL registry certificates are expired when running:

kubectl -n kurl get secret registry-pki -o=jsonpath='{.data.registry\.crt}' | base64 -d | openssl x509 -noout -dates

You can use the following script to rotate the certificates: