English
Deutsch
Español – América Latina
Français
Indonesia
Italiano
Português – Brasil
中文 – 简体
日本語
한국어

Required periodic maintenance

This document describes periodic maintenance that is required for your GKE on Bare Metal clusters.

Rotate certificate authorities

The certificate authorities (CAs) in a cluster are valid for five years, so you must rotate your CAs at least once every five years.

Certificates for cluster components

Cluster components use certificates for authentication. These components include kube-apiserver, kube-controller-manager, kube-scheduler, etcd and kubelet. The certificates are valid for one year and are renewed during cluster upgrade. To prevent the certificates from expiring, you must upgrade your cluster at least once a year.

If the cluster certificates have expired, they must be renewed manually. For more information, see Certificate expiration.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-04-08 UTC.