No pods started after "kubeadm alpha certs renew"

Time:01-25

I did a

kubeadm alpha certs renew

but after that, no pods get started. When starting from a Deployment, kubectl get pod doesn't even list the pod; when explicitly starting a pod, it is stuck on Pending.

What am I missing?

CodePudding user response:

Normally I would follow a pattern to debug such issues starting with:

  1. Check all the certificate files are rotated by kubeadm using sudo cat /etc/kubernetes/ssl/apiserver.crt | openssl x509 -text.
  2. Make sure all the control plane services (api-server, controller, scheduler etc) have been restarted to use the new certificates.
  3. If [1] and [2] are okay you should be able to do kubectl get pods
  4. Now you should check the certificates for kubelet and make sure you are not hitting https://github.com/kubernetes/kubeadm/issues/1753
  5. Make sure kubelet is restarted to use the new certificate.

I think of control plane (not being able to do kubectl) and kubelet (node status not ready, should see certificate attempts in api-server logs from the node) certificate expiry separately so I can quickly tell which might be broken.
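
A scripted form of the checks in the answer above, added here as an example and not part of the original response: it classifies each certificate file by expiry and, when given the API server address, compares the certificate the running process presents with the file on disk. The function names, the script name and the 30-day warning window are assumptions; pass the certificate paths used on your own cluster.

```shell
# Added example (not from the original answer); PEM certificate files only.
# cert_status FILE [WARN_DAYS]: prints ok | expiring | expired | missing | unreadable
cert_status() {
    local file=$1 warn_days=${2:-30}   # 30 days is an assumed default
    [ -f "$file" ] || { echo missing; return 0; }
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$file" -noout -checkend "$((warn_days * 86400))" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# cert_fingerprint FILE: SHA-256 fingerprint, to compare the file on disk with the served cert
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# served_cert HOST:PORT OUTFILE: save the certificate a running TLS endpoint presents
served_cert() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null | openssl x509 -out "$2" 2>/dev/null
}

# check_group LABEL FILE...: one line per file; returns 1 if any file is not "ok"
check_group() {
    local label=$1 rc=0 f s; shift
    for f in "$@"; do
        s=$(cert_status "$f")
        printf '%-14s %-10s %s\n' "$label" "$s" "$f"
        [ "$s" = ok ] || rc=1
    done
    return "$rc"
}

# Usage (hypothetical script name): ./certcheck.sh APISERVER_CERT KUBELET_CERT [HOST:PORT]
if [ "$#" -ge 2 ]; then
    check_group control-plane "$1" || true
    check_group kubelet "$2" || true
    if [ -n "${3:-}" ]; then
        tmp=$(mktemp); served_cert "$3" "$tmp" || true
        [ "$(cert_fingerprint "$1")" = "$(cert_fingerprint "$tmp")" ] \
            && echo "apiserver serves the on-disk certificate" \
            || echo "apiserver serves a different certificate than the file on disk (step 2)"
        rm -f "$tmp"
    fi
fi
```

A mismatch in the last check means the renewed file exists but the running process has not picked it up, which is the situation step 2 of the answer addresses.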
