Failed to rotate expired certificates on an RKE cluster: unable to reach api server to fetch CA

RKE version: 0.1.17

Docker version: (docker version, docker info preferred) Server Version: 17.03.2-ce

Operating system and kernel: (cat /etc/os-release, uname -r preferred) Ubuntu, 4.15.0-43-generic

Type/provider of hosts: (VirtualBox/Bare-metal/AWS/GCE/DO) Bare-metal

RKE cluster.yml file: n/a

Steps to Reproduce:

  • Create cluster
  • Wait one year
  • Cry

Results: Certificate expired (unnoticed on a weekend) after one year, control plane now broken, etcd is logging:

etcdmain: rejected connection from "10.x.x.x:2580" (error "remote error: tls: bad certificate", ServerName "")

Tried renewing with 0.2.0-rc9 but only got this error:

WARN[0000] This is not an officially supported version (v0.2.0-rc9) of RKE. Please download the latest official release at
INFO[0000] Initiating Kubernetes cluster
INFO[0000] Rotating Kubernetes cluster certificates
FATA[0000] Failed to rotate certificates: can't find old certificates


Answer by hameno:

@galal-hussein helped me fix the cluster, looked like something specific to our setup

