Support for Kubernetes cluster credential rotation
- Services: Kubernetes Engine
- Release Date: August 01, 2023
You can now use Container Engine for Kubernetes to change ('rotate') cluster credentials before they expire. Messages informing you of upcoming cluster credential expiry are shown in the Console, and you can also use the CLI, and the API to find out when cluster credentials are due to expire.
When you rotate cluster credentials, you have to update Kubernetes API clients that were using the previous credentials to communicate with the Kubernetes API. Such Kubernetes API clients include kubeconfig files, and pods that communicate directly with the Kubernetes API.
Cluster credential rotation is a two-phase process, separated by a user-defined delay period during which you update the Kubernetes API clients.
For more information, see Rotating Cluster Credentials.