You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The test up2u instance has k8s 1.8 installed with InitNode.sh. Now, any requests to k8s api end up with x509: certificate has expired or is not yet valid. This can be seen when manually trying to call kubectl but also in worker nodes' logs when they try to talk to the master node's API.
Nothing can be done in k8s.
For instance:
# kubectl version
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.1", GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", GitTreeState:"clean", BuildDate:"2017-10-11T23:27:35Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate has expired or is not yet valid
How to renew the cluster certificates?
I've been looking around a bit, but it seems this process is properly automated in later releases of k8s.
BTW, how to check when it will happen to the production instance?
The text was updated successfully, but these errors were encountered:
Hi, I have never seen this before unfortunately.
I found this which seems to be exactly your problem. The solution looks a bit cumbersome to me but I would it a try to the test cluster first.
May I ask if you could help us on this issue, I mean trying to apply the solution?
I suppose this happens a year since the creation of the k8s cluster using your script (the cert expiration date is 1y?). Around a year ago, we made a big upgrade of that installation at PSNC, and also a from-scratch installation of the cluster perhaps, so this might be why we haven't experienced that before.
The test up2u instance has k8s 1.8 installed with InitNode.sh. Now, any requests to k8s api end up with
x509: certificate has expired or is not yet valid
. This can be seen when manually trying to callkubectl
but also in worker nodes' logs when they try to talk to the master node's API.Nothing can be done in k8s.
For instance:
How to renew the cluster certificates?
I've been looking around a bit, but it seems this process is properly automated in later releases of k8s.
BTW, how to check when it will happen to the production instance?
The text was updated successfully, but these errors were encountered: