0

kube-apiserver pod print following log:

authentication.go:104] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid

I already renewed all certs renew certs

admin.conf copied to ~/.kube/config
I deleted kubelet.conf and files from /var/lib/kubelet/pki and then create new ones. After that kubelet was restarted. I also restarted apiserver pod but it still print log that certificate is expired.
Interesting thing is that all I don't see any problems with cluster. Kubectl works as always.
I use v1.17.6 version. My cluster has 2-master and 8-worker nodes. Any ideas?

RedBluff
  • 1
  • 2
  • Kind of sound like one of your kubelet being unable to check in: are your nodes all OK/ready? Pick one pod running on each node: can you properly run "kubectl logs"? – SYN Jun 23 '22 at 18:41
  • .. wait... 2 masters? both with etcd? ... Out of topic .. but you should really go with 3 (right now, if one master goes down, your etcd is out of quorum: all API's down) – SYN Jun 23 '22 at 20:08
  • 1
    yes, I can run kubectl logs with success (pod logs from each node) – RedBluff Jun 24 '22 at 11:25

0 Answers0