Not sure how to solve the problem with the certificates, maybe someone has encountered this problem?
kernel
uname -a
Linux node2 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
OS
cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
kubectl
kubectl version
Client Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:41:02Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2023-03-31T09:11:37+03:00 is after 2023-03-25T05:32:30Z
kubeadm
kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.2", GitCommit:"f5743093fd1c663cb0cbc89748f730662345d44d", GitTreeState:"clean", BuildDate:"2020-09-16T13:38:53Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}
Problem:
When I try to get nodes:
kubectl get nodes
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2023-03-31T09:15:30+03:00 is after 2023-03-25T05:32:30Z
Trying to renew:
kubeadm alpha certs renew all
W0331 09:15:52.880115 4475 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
MISSING! certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself
Error checking external CA condition for ca certificate authority: failure loading certificate for API server: failed to load certificate: the certificate has expired
To see the stack trace of this error execute with --v=5 or higher
Kubeam renew:
kubeadm alpha phase certs apiserver --apiserver-advertise-add ress 10.2.27.11
unknown flag: --apiserver-advertise-address
To see the stack trace of this error execute with --v=5 or higher
[root@node2 pki]#
[root@node2 pki]#
[root@node2 pki]# kubeadm alpha phase certs apiserver --apiserver-advertise-addr ess 10.2.27.11
unknown flag: --apiserver-advertise-address
To see the stack trace of this error execute with --v=5 or higher
[root@node2 pki]# sudo kubeadm alpha certs renew apiserver
sudo: kubeadm: command not found
[root@node2 pki]# kubeadm alpha certs renew apiserver
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get c m kubeadm-config -oyaml'
[renew] Error reading configuration from the Cluster. Falling back to default co nfiguration
W0404 13:54:08.589075 17136 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io ]
MISSING! certificate for serving the Kubernetes API
kubeadm alpha certs renew apiserver
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration
W0404 13:54:26.555686 17270 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
MISSING! certificate for serving the Kubernetes API
[root@node2 pki]# kubeadm alpha certs renew apiserver-etcd-client
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration
W0404 13:54:32.885559 17375 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
MISSING! certificate the apiserver uses to access etcd
[root@node2 pki]# kubeadm alpha certs renew apiserver-kubelet-client
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration
W0404 13:54:37.895333 17459 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
MISSING! certificate for the API server to connect to kubelet