K8s apiserver certificate expired in primary server

Question

Hello, i don't know why but the certificate of two K8s clusters (the certificates associates to the apiservers of the clusters, and related to the host-ids created in NBU during the registration) has expired.

Now i need to renew them because during the backup of the clusters the snapshot operation is completed successfully but the backup from snapshot ends always in error. So i need to renew the certificate. How can i proceed?

I can generate a reissue token for it but i'm not sure where to use it, and if are there any additional tasks i need to ask to the K8s admin.

Thank you, regards,

bhdrkzltn · Answer

Login to KOPS pod on cluster and run the following:

/nbcertcmdtool/nbcertcmdtool -atLibPath /nbcertcmdtool -getCACertificate -server primary-server.local.net

/nbcertcmdtool/nbcertcmdtool -atLibPath /nbcertcmdtool -getCertificate -server primary-server.local.net -force -token REISSUE_TOKEN

acioffarelli · Answer

Thank you for the reply.Tried but in error. The host-id of the reissue token is associated to a different host (if you see the screenshot above it's clear). I need to renew the certificate for the api server, not the operator.

Forum Discussion

K8s apiserver certificate expired in primary server

2 Replies

Related Content

Certificate Expiration

Client Certificate Expired

Certificates Expired

Certificate on master server expired

Enterprise vault SSL certificate has expired