I have set up a cluster (1 master + 2 nodes) using kubeadm (1.12) and faced the following:
bootstrap.go:205] Part of the existing bootstrap client certificate is expired: 2019-12-20 08:51:59 +0000 UTC
server.go:262] failed to run Kubelet: unable to load bootstrap kubeconfig: stat /etc/kubernetes/bootstrap-kubelet.conf: no such file or directory
is it feasible to update the certificates now or I have to redeploy it?
I have also another cluster (3 master + 5 workers) that the apiserver.crt will get expired. This was installed again by kubeadm (1.13.4). How can I update them without affecting the cluster? Certificates are selfsigned.
thank you.
Kubeadm can renew certificates with the kubeadm alpha certs renew command. you have to run this command master node.