Asking for help? Comment out what you need so we can get more information to help you!
Cluster information:
Kubernetes version: v1.17.6
Cloud being used: bare-metal
Installation method: kubespray
Host OS: centos7
Hi, I encountered following problem, maybe you have any idea how to solve it?
My cluster is 2-master and 8-worker node.
Yesterday I renew certificates. I did it for all components including kubelet.
So I used kubeadm to renew certs for apiserver-kubelet-client, apiserver, front-proxy-client.
admin.conf was coppied to ~/.kube/config
I’ve also generated a new kubelet.conf. Symlink under /var/lib/kubelet/pki points to correct cert.
As always kubelet was restarted. Everything work as exptected. systemctl status kubelet doesn’t prompt any issue. It’s active. Kubectl commands work fine.
But…
when I look at api-server pod logs I can see wall of error related to certification.
1 authentication.go:104] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid
1 authentication.go:104] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid
1 authentication.go:104] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid
kubectl logs kube-apiserver -n kube-system
Restarting pod doens’t solve issue. Are there any more detailed logs? What request cannot be authenticated? Do you have any suggestions?