Renew kubernetes pki after expired

Question

My kubernetes PKI expired (API server to be exact) and I can\'t find a way to renew it. The error I get is

May 27 08:43:51 node1 kubelet[8751]: I0527 08:43:5         


        

Answer 1

I was using Kubernetes v15.1 and updated my certificates as explained above, but I still got the same error. The /etc/kubernetes/kubelet.conf was still referring to the expired/old "client-certificate-data".

After some research I found out that kubeadm is not updating the /etc/kubernetes/kubelet.conf file if the certificate-renew was not set to true. So please be aware of a bug of kubeadm below version 1.17 (https://github.com/kubernetes/kubeadm/issues/1753).

kubeadm only upgrades if the cluster upgrade was done with certificate-renewal=true. So I manually had to delete the /etc/kubernetes/kubelet.conf and regenerated it with kubeadm init phase kubeconfig kubelet which finally fixed my problem.