Renew Kubernetes certificate for 10 years

George Seah
Jul 5, 2022

When you run kubeadm certs check-expiration, you will usually see that the certificates expire one year after the date of your install.

Q: What happens when your k8s certificate expires?

A: All of your Kubernetes services will fail to start, resulting in a Severity 1 incident.

The long-term solution is to renew the internal Kubernetes certificates with a longer validity period, which avoids the yearly routine of renewing certs manually. Sure, you can put the command kubeadm certs renew all into a cronjob. But this activity restarts the internal Kubernetes communication, so on a Production system it is best performed after office hours.

The life-saving script is located here: https://github.com/yuyicai/update-kube-cert

Copy out the contents of update-kubeadm-cert.sh and run it on each master node of your Kubernetes cluster.

End result: I get a residual time of 9 years instead of 10. But hey, close enough to keep my crontab and Kubernetes service clean and happy!

I have tested and verified on Kubernetes v1.21.7 and v1.20.2 — the script runs like a charm!
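To confirm the residual time on each master node after renewal, and to alert before any certificate gets close to expiry, the output of kubeadm certs check-expiration can be filtered by days remaining. The script below is an added example, not part of the original article or of the update-kube-cert project; the function names expiring_certs and sample_output are hypothetical, the sample table is constructed, and it assumes residual times are printed in the short form "12d", "9y" or "<invalid>" for an expired certificate.

```shell
#!/bin/sh
# Usage on a node: kubeadm certs check-expiration | expiring_certs 30
# Prints "name residual" for every certificate or CA with fewer than N days left.
expiring_certs() {
    awk -v min="$1" '
        {
            # Data rows are the only lines with a "UTC" field; the field
            # right after it is the RESIDUAL TIME column.
            for (i = 2; i < NF; i++) {
                if ($i != "UTC") continue
                r = $(i + 1)
                unit = substr(r, length(r))
                n = substr(r, 1, length(r) - 1) + 0
                if (r == "<invalid>") days = -1      # already expired
                else if (unit == "y") days = n * 365
                else if (unit == "d") days = n
                else days = 0                        # h, m, s: under a day
                if (days < min) print $1, r
                break
            }
        }'
}

# Constructed sample output (not captured from a real cluster).
sample_output() {
    cat <<'EOF'
CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Jul 05, 2032 09:12 UTC   9y                                      no
apiserver                  Jul 17, 2022 09:12 UTC   12d             ca                      no
apiserver-kubelet-client   Jul 05, 2023 09:12 UTC   364d            ca                      no
etcd-server                Jul 04, 2022 09:12 UTC   <invalid>       etcd-ca                 no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jul 02, 2032 09:12 UTC   9y              no
EOF
}

# Demo: flag anything with fewer than 30 days left in the sample.
sample_output | expiring_certs 30
```

An empty result means every certificate and CA has at least the requested number of days left.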
