I’m running kubernetes 1.16.9 with a single master and multiple workers.
Certificates expired and now I attempted to renew certs.
Simply running on master:
kubeadm alpha certs renew all reboot
didn’t do anything, ca was already expired (my bad, non default 10 years validity).
So I deleted all pki and conf files inside /etc/kubernetes/pki.
Then I ran:
kubeadm init phase certs all kubeadm init phase kubeconfig all reboot
This worked and I can do use kubectl, but all nodes show “Unauthorized” on all requests on
systemctl status kubelet
I thought this was related to tokens, so I deleted all “default” serviceaccounts in all namespaces so the tokens would be created again.
Current state of the cluster: all nodes on “NotReady” and all queries to the kube api return Unauthorized.
How can I get rid of this? Any fast workarounds? wasn’t kubeadm init supposed to take care of updating new configs?
I can’t afford to run kubeadm reset, I want to fix my cluster without having to resort to that.