You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the contents of the /etc/kubernetes/kubelet.conf on the primary CP node (the one where you called init) and the secondary ones, those that joined later are different.
for the primary we do not support rotation currently and that's a bug tracked here: #1753
what are the contents of the kubelet.conf on secondary nodes in your case?
the contents of the /etc/kubernetes/kubelet.conf on the primary CP node (the one where you called init) and the secondary ones, those that joined later are different.
You are right, this is my mistake, the bootstrap TLS procedure is used on the added control plane nodes.
for the primary we do not support rotation currently and that's a bug tracked here: #1753
my fix. Rotate kublet certificate on primary CP node by command kubeadm alpha kubeconfig user --client-name system:node:master-1.domain.tld --org system:nodes >kubelet.conf
FEATURE REQUEST
Versions
kubeadm version
v1.15.0 and above
What happened?
Kubeadm upgrade do not rotate kubelet certificate on master nodes.
On these nodes, the certificate is in /etc/kubernetes/kubelet.conf
and when updating the cluster it is also necessary to rotate it as control plane certificates in
controller-manager.conf and scheduler.conf
The text was updated successfully, but these errors were encountered: