Etcd receiving SIGTERM repeatedly causing kube-apiserver bootstrap loop

Cluster information:

Kubernetes version: v1.31.14
Cloud being used: bare-metal
Installation method: kubeadm
Host OS: Ubuntu
CNI and version: Cilium 1.18.5
CRI and version: containerd 1.7.28

Issue:

I am troubleshooting a control plane issue where etcd keeps receiving a SIGTERM and exiting. When this happens the kube-apiserver cannot reach etcd and fails the bootstrap process, so the control plane enters a restart loop.

Observed behavior:

• etcd container starts normally
• shortly after it receives SIGTERM and exits
• kube-apiserver logs show connection refused to etcd
• kubelet keeps restarting the static control plane pods
• the cluster never becomes healthy

I’ve checked kubelet logs, container runtime logs, and crictl inspect/log output, but I cannot find a clear cause for why etcd is being terminated.

api_server_logs: api_server_3_13 - Pastebin.com
containerd_logs: containerd_logs_3_13 - Pastebin.com
kubelet_logs: kube_logs_3_13 - Pastebin.com
etcd_logs: Possible Spam Detected - Pastebin.com

Hello

Something is wrong with your kube-root-ca.crt which is injected into all namespace as configMap
You need to either renew/re-issue the certificate, and then restart the pods and the kubelet service.

OR

In case just the configMap is missing that contains the kube-root-ca.crt,You can simply create a new configMap in your namespace containing the certificate. However, you need to have the copy.

You can try this first and if you still see issues.

Share the kubernetes events to investigate further.