[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-08 (世界標準時間)。"],[],[],null,["This document describes periodic maintenance that is required for your\nGoogle Distributed Cloud clusters.\n\nRotate certificate authorities\n\nThe certificate authorities (CAs) in a cluster are valid for ten years, so you\nmust\n[rotate your CAs](/kubernetes-engine/distributed-cloud/bare-metal/docs/how-to/ca-rotation)\nat least once every ten years.\n\nCertificates for cluster components\n\nCluster components use certificates for authentication. These components\ninclude `kube-apiserver`, `kube-controller-manager`, `kube-scheduler`, `etcd`\nand `kubelet`. The certificates are valid for one year and are renewed during\ncluster [upgrade](/kubernetes-engine/distributed-cloud/bare-metal/docs/how-to/upgrade). To prevent the certificates from\nexpiring, you must upgrade your cluster at least once a year.\n\nIf the cluster certificates have expired, they must be\n[renewed manually](/kubernetes-engine/distributed-cloud/bare-metal/docs/troubleshooting/expired-certs). For more\ninformation, see\n[Certificate expiration](/kubernetes-engine/distributed-cloud/bare-metal/docs/troubleshooting/failure-mode-analysis#certificate_expiration)."]]