Kube-admin.pem expiring on single-node air-gap cluster

wdk · September 20, 2019, 9:17am

I have a customer who is getting alerts regarding an expiring kube-admin.pem certificate on their single node setup. It’s located in /etc/kubernetes/ssl together with the other certs on the master nodes.

I’m a bit confused because on all other clusters (own test cluster + other customer) we can’t find this particular certificate anywhere. Is this because it’s an air-gapped setup? The only mentions I find are in RKE documents but this is a single node setup with a custom cluster and not an RKE.

Can we rotate this cert manually with openssl and are there additional steps to take to get the cluster to accept the new cert?

sgunalan · April 2, 2020, 4:12pm

any update were you able to rotate using openssl on this I rotated all my certificates using the rancher manual but kube-admin.pem is not rotated.

alexzimmer96 · June 18, 2020, 11:28am

I’ve also facing the same question. kube-admin seems not to be updated. I’ve renamed it on one node and will watch if the cluster contains to be operational.

Topic		Replies	Views
Expired certs, not rotating after upgrade Rancher	2	532	October 18, 2019
Rancher v2.2.11 Announcements	1	1056	April 9, 2020
Certificate rotation problems Rancher	0	598	June 17, 2021
Rotate self signed certificate Rancher	0	678	July 10, 2020
Certificate issue on cluster upgraded from annual certs to 10 year certs Rancher	0	561	September 26, 2019

Kube-admin.pem expiring on single-node air-gap cluster

Related topics