apiserver icon indicating copy to clipboard operation
apiserver copied to clipboard

Published 20 hours ago verified publisher icon kubernetes

log error about cert expired - does not show important info

Open KlavsKlavsen opened this issue 8 months ago • 6 comments

our kube-apiserver just started failing to start.. The log from containerd only says: 2023-12-16T07:35:01.426019865+01:00 stderr F }. Err: connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid: current time 2023-12-16T06:35:01Z is after 2023-12-03T03:37:19Z"

so the cert appearently should have expired on the 3rd of december (and yet it only fails now) - and also - if I check the cert its using :

# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep fter
            Not After : Apr 13 14:08:43 2024 GMT
07:34:04 root@htzhel1-ax41na:~

its not actually run out..

The errorlog could be much more helpful -if it shared exactly which certificate its checking.. (file path - or whatever its got open) - AND Serial number from cert to uniquely identify the one its looking at.. :(

its k8s 1.26.4

KlavsKlavsen avatar Dec 16 '23 06:12 KlavsKlavsen