2

I have set up a cluster (1 master + 2 nodes) using kubeadm (1.12) and faced the following:

bootstrap.go:205] Part of the existing bootstrap client certificate is expired: 2019-12-20 08:51:59 +0000 UTC
server.go:262] failed to run Kubelet: unable to load bootstrap kubeconfig: stat /etc/kubernetes/bootstrap-kubelet.conf: no such file or directory

is it feasible to update the certificates now or I have to redeploy it?

I have also another cluster (3 master + 5 workers) that the apiserver.crt will get expired. This was installed again by kubeadm (1.13.4). How can I update them without affecting the cluster? Certificates are selfsigned.

thank you.

user10573594
  • 151
  • 1
  • 2
  • 12
  • Does this answer your question? [Renew kubernetes pki after expired](https://stackoverflow.com/questions/56320930/renew-kubernetes-pki-after-expired) – Arghya Sadhu Jan 20 '20 at 14:31

1 Answers1

0

Kubeadm can renew certificates with the kubeadm alpha certs renew command. you have to run this command master node.

Subramanian Manickam
  • 1,199
  • 7
  • 9
  • does this require downtime? if there is a three-node master, what is the process? – user10573594 Jan 20 '20 at 15:15
  • I am about to do the same for version v1.13 doesn't need downtime(if everything goes alright.). Did you manage to renew the certs without any issue? – Mr Kashyap Dec 15 '20 at 12:18