kubernetes: failed to load existing certificate apiserver-etcd-client:
First you need to renew expired certificates, use kubeadm
to do this:
kubeadm alpha certs renew apiserverkubeadm alpha certs renew apiserver-kubelet-clientkubeadm alpha certs renew front-proxy-client
Next generate new kubeconfig
files:
kubeadm alpha kubeconfig user --client-name kubernetes-admin --org system:masters > /etc/kubernetes/admin.confkubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf# instead of $(hostname) you may need to pass the name of the master node as in "/etc/kubernetes/kubelet.conf" file.kubeadm alpha kubeconfig user --client-name system:node:$(hostname) --org system:nodes > /etc/kubernetes/kubelet.conf kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf
Copy new kubernetes-admin
kubeconfig
file:
cp /etc/kubernetes/admin.conf ~/.kube/config
Finally you need to restart: kube-apiserver
, kube-controller-manager
and kube-scheduler
. You can use below commands or just restart master node:
sudo kill -s SIGHUP $(pidof kube-apiserver)sudo kill -s SIGHUP $(pidof kube-controller-manager)sudo kill -s SIGHUP $(pidof kube-scheduler)
Additionally you can find more information on github and this answer may be of great help to you.
In my case, I use AKS (Azure Kubernetes Services), to fix this error I runned the command:
az aks rotate-certs -g $RESOURCE_GROUP_NAME -n $CLUSTER_NAME
follow link: https://docs.microsoft.com/en-us/azure/aks/certificate-rotation