How To Renew Kubernetes Certificates In Automation Suite Depending On The Version?

How to validate the expiry of Kubernetes certificate?

Issue Description: When running a kubectl command, the following error is thrown,

This error indicates that the Kubernetes certificates have expired. There are a few ways to renew these certificates. Note the two methods explained below,

Approach #1:

This solution applies to versions that contain kubeadm, such as 21.10.3 and below. Follow these steps to renew the certificates:

Check the expiration date of the certificates with the following command:

  • kubeadm alpha certs check-expiration

If all the certificates are expired, execute the following commands to renew them:

  • $ cd /etc/kubernetes/pki/
  • $ mv {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt} ~/
  • $ kubeadm init phase certs all --apiserver-advertise-address <IP>
  • $ cd /etc/kubernetes/
  • $ mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} ~/
  • $ kubeadm init phase kubeconfig all
  • $ systemctl restart docker && systemctl restart kubelet
  • $ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config


Approach #2:

If the version is newer, such as 22.4.1, kubeadm is not installed, and renewing the certificates is much easier. Simply restart rke2-server with the following command:

  • systemctl restart rke2-server

This command will renew all the Kubernetes certificates.

After any of the solutions on attempting to run any kubectl command, It should work.