Clusters must be upgraded at least once a year in order for the certificates to be rotated before they expire.

Tanzu Mission Control does not rotate the certificates created during cluster creation by default. These certificates are valid for one year while the CAs are valid for 10 years. The certificates get regenerated for one year whenever the nodes are rolled. In the case of control plane nodes are rolled during cluster upgrade.

Prerequisites

Log in to the Tanzu Mission Control console, as described in Log In to the Tanzu Mission Control Console.

Make sure you have the appropriate permissions to update a cluster.
  • To update a cluster, you must be associated with the cluster.admin role.

Procedure

  1. In the left navigation pane, click Clusters.
  2. Select the cluster to upgrade.
  3. Click Upgrade.

Results

The certificate is renewed.