Renewing Kubernetes API Certificate

Today was the day, where my Kubernetes homelab gave me this return after I was simply checking about some pods

output

E0806 14:16:46.403995   67313 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0806 14:16:46.410441   67313 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0806 14:16:46.418628   67313 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0806 14:16:46.426282   67313 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0806 14:16:46.431827   67313 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)

After some error searching I found out that the API certificate was expired

---

Renewing Kubernetes API certificate

bash

# show current certificates expiration dates
sudo kubeadm certs check-expiration

# show current using kubeconfig expiration dates
yq -r '.users[0].user."client-certificate-data"' ~/.kube/config | base64 -d | openssl x509 -text

But fortunately, there is a simple solution for this

bash

# renew all kubernetes API certs
sudo kubeadm certs renew all

# move new certificate to kubeconfig
cp /etc/kubernetes/admin.conf ./kube/config

After that, you just have to reboot the system, so the kubernetes services are restarting all services At the end you can check the new expiration dates to make sure it worked

bash

# show current certificates expiration dates
sudo kubeadm certs check-expiration

XOR gitfeber