hostname invalid when executing "kubeadm alpha certs xxx "

6/25/2019

When I try to check my k8s certs expiration states, I run the following command:

kubeadm alpha certs check-expiration

which ended up with:

name: Invalid value: "alpha_53_116": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

I was wondering why it needs to check the node's hostname? As the hostname of my master node couldn't be altered, is there any way to solve this problem?


complement:

OS: Centos 7.4
kubeadm version: 1.15.0

-- George Liang
kubeadm
kubernetes

1 Answer

7/5/2019

As you pointed in your question, problem is with your node name. According to documentation command kubeadm alpha certs

The command shows expiration/residual time for the client certificates in the /etc/kubernetes/pki folder and for the client certificate embedded in the KUBECONFIG files used by kubeadm (admin.conf, controller-manager.conf and scheduler.conf).

Mentioned files can be found in /etc/kubernetes. You can also check kubeadm init configuration using kubeadm config print init-defaults.

Those files will contain name of your hostname which is invalid in kubeadm/kubernetes. In short, as kubeadm alpha certs is based on KUBECONFIG files and pki folder, it will not go trought validation due to "_" sign. Unfortunately it is syntax issue so there is no workaround.

Please keep in mind that alpha is Kubeadm experimental sub-commands. So it might be changed in the future.

-- PjoterS
Source: StackOverflow