We have an existing cluster and because we need to work with a new IP address space are building a new cluster that will be built from the ground up. We’re intending to use the built-in CA.
I understand that leaf certificates are automatically generated and rotated, and that I can rotate in a new CA. What about server certificates? If I understand the documentation the creation of the CA and the server certs is a manual process. When the year is up, do I have to manually generate new server certs and rotate them in? Or does that happen automatically?