kubernetes: failed to load existing certificate apiserver-etcd-client:
First you need to renew expired certificates, use kubeadm to do this:
kubeadm alpha certs renew apiserverkubeadm alpha certs renew apiserver-kubelet-clientkubeadm alpha certs renew front-proxy-clientNext generate new kubeconfig files:
kubeadm alpha kubeconfig user --client-name kubernetes-admin --org system:masters > /etc/kubernetes/admin.confkubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf# instead of $(hostname) you may need to pass the name of the master node as in "/etc/kubernetes/kubelet.conf" file.kubeadm alpha kubeconfig user --client-name system:node:$(hostname) --org system:nodes > /etc/kubernetes/kubelet.conf kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.confCopy new kubernetes-admin kubeconfig file:
cp /etc/kubernetes/admin.conf ~/.kube/configFinally you need to restart: kube-apiserver, kube-controller-manager and kube-scheduler. You can use below commands or just restart master node:
sudo kill -s SIGHUP $(pidof kube-apiserver)sudo kill -s SIGHUP $(pidof kube-controller-manager)sudo kill -s SIGHUP $(pidof kube-scheduler)Additionally you can find more information on github and this answer may be of great help to you.
In my case, I use AKS (Azure Kubernetes Services), to fix this error I runned the command:
az aks rotate-certs -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAMEfollow link: https://docs.microsoft.com/en-us/azure/aks/certificate-rotation