Skip to content

Add certificate renew command doc #9979

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 11, 2025
Merged

Add certificate renew command doc #9979

merged 4 commits into from
Aug 11, 2025

Conversation

panktishah26
Copy link
Member

Description of changes:
We have added a new command to renew cluster certificates using eksctl CLI. This PR adds documentation on how to use that command.

Testing (if applicable):

Documentation added/planned (if applicable):

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@eks-distro-bot eks-distro-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 6, 2025
@codecov Codecov
Copy link

codecov bot commented Aug 6, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.98%. Comparing base (a0f535e) to head (fdb2347).
⚠️ Report is 6 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #9979   +/-   ##
=======================================
  Coverage   69.98%   69.98%           
=======================================
  Files         680      680           
  Lines       51148    51148           
=======================================
  Hits        35798    35798           
  Misses      13551    13551           
  Partials     1799     1799

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

chrisnegus
chrisnegus reviewed Aug 8, 2025
View reviewed changes
Copy link
Member

@chrisnegus chrisnegus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Just a couple of small suggestions.

docs/content/en/docs/clustermgmt/certificate-management/eksctl-renew-certs.md Outdated
## Overview

EKS Anywhere provides a simple and recommended way to renew cluster certificates using the `eksctl anywhere renew certificates` command. This is the recommended approach for certificate renewal.
Get more information on EKS Anywhere cluster certificates from [here]({{< relref "monitoring-certificates.md" >}})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Get more information on EKS Anywhere cluster certificates from [here]({{< relref "monitoring-certificates.md" >}})
Get more information on EKS Anywhere cluster certificates from [Monitoring Certificate Expiration]({{< relref "monitoring-certificates.md" >}})

docs/content/en/docs/clustermgmt/certificate-management/eksctl-renew-certs.md Outdated
4. For control plane nodes:
- Renewing all kubeadm certificates
- Restarting static pods
- Update external etcd key cert (if present)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Update external etcd key cert (if present)
- Updating external etcd key cert (if present)

docs/content/en/docs/clustermgmt/certificate-management/manual-steps-renew-certs.md Outdated
{{% alert title="Note" color="primary" %}}
While these manual steps renew the certificates, the [recommended method]({{< relref "eksctl-renew-certs.md" >}}) for certificate renewal is using the `eksctl anywhere renew certificates` command.
{{% /alert %}}

Certificates for external etcd and control plane nodes expire after 1 year in EKS Anywhere. This page shows the process for manually rotating certificates.

Get more information on EKS Anywhere cluster certificates from [here]({{< relref "monitoring-certificates.md" >}})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Get more information on EKS Anywhere cluster certificates from [here]({{< relref "monitoring-certificates.md" >}})
Get more information on EKS Anywhere cluster certificates from [Monitoring Certificate Expiration]({{< relref "monitoring-certificates.md" >}})

docs/content/en/docs/clustermgmt/certificate-management/script-renew-certs.md Outdated
{{% alert title="Note" color="primary" %}}
While this script-based approach is supported, the [recommended method]({{< relref "eksctl-renew-certs.md" >}}) for certificate renewal is using the `eksctl anywhere renew certificates` command.
{{% /alert %}}

Get more information on EKS Anywhere cluster certificates from [here]({{< relref "monitoring-certificates.md" >}})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Get more information on EKS Anywhere cluster certificates from [here]({{< relref "monitoring-certificates.md" >}})
Get more information on EKS Anywhere cluster certificates from [Monitoring Certificate Expiration]({{< relref "monitoring-certificates.md" >}})

@panktishah26 panktishah26 force-pushed the renew-certificate-doc branch from d029007 to 9646f17 Compare August 8, 2025 16:31
@panktishah26
Copy link
Member Author

/cherry-pick release-0.23

@eks-distro-pr-bot
Copy link
Contributor

@panktishah26: once the present PR merges, I will cherry-pick it on top of release-0.23 in a new PR and assign it to you.

In response to this:

/cherry-pick release-0.23

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

sp1999
sp1999 reviewed Aug 11, 2025
View reviewed changes
docs/content/en/docs/clustermgmt/certificate-management/eksctl-renew-certs.md

## Overview

EKS Anywhere provides a simple and recommended way to renew cluster certificates using the `eksctl anywhere renew certificates` command. This is the recommended approach for certificate renewal.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's add the command reference to the eksctl commands reference page too
https://anywhere.eks.amazonaws.com/docs/reference/eksctl/

@panktishah26 panktishah26 force-pushed the renew-certificate-doc branch from 9646f17 to c187116 Compare August 11, 2025 17:15
@eks-distro-bot
Copy link
Collaborator

eks-distro-bot commented Aug 11, 2025
edited
Loading

@panktishah26: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
eks-anywhere-cli-attribution-presubmit 0486f51 link true /test eks-anywhere-cli-attribution-presubmit
eks-anywhere-generate-files-presubmit 0486f51 link true /test eks-anywhere-generate-files-presubmit
eks-anywhere-e2e-presubmit 0486f51 link true /test eks-anywhere-e2e-presubmit
eks-anywhere-presubmit 0486f51 link true /test eks-anywhere-presubmit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@panktishah26 panktishah26 force-pushed the renew-certificate-doc branch from 0486f51 to 9646f17 Compare August 11, 2025 18:28
@sp1999
Copy link
Member

sp1999 commented Aug 11, 2025

/lgtm

@eks-distro-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@panktishah26 panktishah26 merged commit 46b800f into aws:main Aug 11, 2025
7 of 10 checks passed
@eks-distro-pr-bot
Copy link
Contributor

@panktishah26: new pull request created: #9987

In response to this:

/cherry-pick release-0.23

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@eks-distro-pr-bot eks-distro-pr-bot mentioned this pull request Aug 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisnegus chrisnegus chrisnegus left review comments

@sp1999 sp1999 sp1999 left review comments

Assignees

@sp1999 sp1999

Labels
approved area/docs Documentation documentation lgtm size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@panktishah26 @eks-distro-pr-bot @eks-distro-bot @sp1999 @chrisnegus