Renew kubernetes pki after expired

Question

My kubernetes PKI expired (API server to be exact) and I can\'t find a way to renew it. The error I get is

May 27 08:43:51 node1 kubelet[8751]: I0527 08:43:5         


        

Answer 1

This topic is also discussed in:

• https://github.com/kubernetes/kubeadm/issues/581
  • after 1.15 kubeadm upgrade automatically will renewal the certificates for you!
  • also 1.15 added a command to check cert expiration in kubeadm
• Kubernetes: expired certificate

---

Kubernetes v1.15 provides docs for "Certificate Management with kubeadm":

• https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/
• Check certificate expiration:

kubeadm alpha certs check-expiration

• Automatic certificate renewal:
  • kubeadm renews all the certificates during control plane upgrade.
• Manual certificate renewal:
  • You can renew your certificates manually at any time with the kubeadm alpha certs renew command.
  • This command performs the renewal using CA (or front-proxy-CA) certificate and key stored in /etc/kubernetes/pki.

---

Overall for Kubernetes v1.14 I find this procedure the most helpful:

• https://stackoverflow.com/a/56334732/1147487