
Failed to rotate expired certificates on an RKE cluster: unable to reach api server to fetch CA

RKE version: 0.1.17
Docker version: (docker version,docker info preferred) Server Version: 17.03.2-ce
Operating system and kernel: (cat /etc/os-release, uname -r preferred) Ubuntu, 4.15.0-43-generic
Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO) Bare-metal, RKE
cluster.yml file: n/a
Steps to Reproduce:

  • Create cluster
  • Wait one year
  • Cry

Results: Certificate expired (unnoticed on a weekend) after one year, control plane now broken, etcd is logging:

    etcdmain: rejected connection from "10.x.x.x:2580" (error "remote error: tls: bad certificate", ServerName "")

Tried renewing with 0.2.0-rc9 but only got this error:

    WARN[0000] This is not an officially supported version (v0.2.0-rc9) of RKE. Please download the latest official release at https://github.com/rancher/rke/releases/latest
    INFO[0000] Initiating Kubernetes cluster
    INFO[0000] Rotating Kubernetes cluster certificates
    FATA[0000] Failed to rotate certificates: can't find old certificates

rancher/rke

Answer (hameno)

@galal-hussein helped me fix the cluster, looked like something specific to our setup
