{"id":2580,"date":"2021-02-15T14:05:10","date_gmt":"2021-02-15T13:05:10","guid":{"rendered":"https:\/\/geko2.factoryfy.com\/renew-your-expired-kubernetes-certificates\/"},"modified":"2021-11-08T10:36:55","modified_gmt":"2021-11-08T09:36:55","slug":"renew-your-expired-kubernetes-certificates","status":"publish","type":"post","link":"https:\/\/geko.cloud\/en\/renew-your-expired-kubernetes-certificates\/","title":{"rendered":"Renew your expired Kubernetes certificates"},"content":{"rendered":"
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n

Jenkins Kubernetes Pod Template<\/h2>\n

Last friday we faced with a non very common issue with a customer that use jenkins<\/strong> and kubernetes<\/strong> for their CICD<\/strong> pipelines…<\/p>\n

Some of their Jenkins pipelines freezed because the Kubernetes nodes which runs those executions still pending\/offline<\/strong> for some reason and every console output shows us the following message:<\/p>\n

\n
[Pipeline] node\r\nStill waiting to schedule task\r\nAll nodes of label \u2018docker-build-xxxxxx\u2019 are offline<\/pre>\n<\/div>\n
Here<\/a> I attach you a plugin link with very usefull information and configurations about the Kubernetes<\/strong> plugin (we strongly recommend you)<\/p>\n
The Problem<\/h2>\n
We decided to check the Kubernetes cluster in order to inspect the pods execution inside the cicd namespaces to understand what is happening… then we notice that we are not able to talk with the Kubernates API thourgh the kubectl client, all the time we try to do some request to the API we get the following message:<\/p>\n
\n
Unable to authenticate the request due to an error: [x509: certificate has expired or is not yet valid, x509: certificate has expired or is not yet valid]<\/pre>\n<\/div>\n
Bingo! That’s the issue, our Kubernetes certificates we use to connect to the api (and used for etcd as well) has expired<\/strong>. This means a little problem because in order to renew a Kubernetes certificate you must to use a client to connect to the K8S API, but as I told you, the client doesn’t work because the certificates already expired… sooooo<\/p>\n
What we gonna do?<\/h4>\n
Geko to the rescue!<\/h2>\n
There is a workaround<\/strong> to solve it, basically we must to fake our Kubernetes by destroying (moving) the current certificates manually and then force re-create it<\/strong> using init config into the whole cluster.<\/p>\n
We strongly suggest you to previously move all the old certificates in a temporary folder, then force init config and finally reboot the K8S to startup with the new certificates we will use in our client side.<\/p>\n
\n
$ cd \/etc\/kubernetes\/pki\/ \r\n$ mkdir -p \/tmp\/oldcerts\/etcd\r\n$ mv {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt} \/tmp\/oldcerts \r\n$ mv etcd\/* \/tmp\/oldcerts\/etcd\r\n$ kubeadm init phase certs all --apiserver-advertise-address  \r\n$ cd \/etc\/kubernetes\/ \r\n$ mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} \/tmp\/oldcerts \r\n$ kubeadm init phase kubeconfig all \r\n$ reboot<\/pre>\n<\/div>\n
After reboot , our cluster will startup using the new certificates and will create a new .kubeconfig file which we will copy locally to use through our kubectl client.<\/p>\n
\n
$ cp -i \/etc\/kubernetes\/admin.conf $HOME\/.kube\/config<\/pre>\n<\/div>\n
Once we copy the new kubeconfig file , we are fully available to work with our K8S cluster again.<\/p>\n
In our case we delete all the orphan pods previously generated inside the “cicd” namespace (we love awk \ud83d\ude42\u00a0 )<\/p>\n
\n
for docker in `kubectl get pods -n cicd | awk {'print $1'}`;do kubectl delete pod $docker -ncicd;done<\/pre>\n<\/div>\n
We hope this post could help you with your Kubernetes expired certificates<\/strong> in order to restore the API connectivity with your clients.<\/p>\n
If we can help you somehow don’t hesitate to contact us here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"
Jenkins Kubernetes Pod Template Last friday we faced with a non very common issue with a customer that use jenkins and kubernetes for their CICD pipelines… Some of their Jenkins pipelines freezed because the Kubernetes nodes which runs those executions still pending\/offline for some reason and every console output shows us the following message: [Pipeline] […]<\/p>\n","protected":false},"author":2,"featured_media":5410,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[67],"tags":[83,90],"yoast_head":"\nRenew your expired Kubernetes certificates - Geko Cloud<\/title>\n<meta name=\"description\" content=\"Learn how to renew your Kubernetes certificates if they have expired, step by step in our blog post.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Renew your expired Kubernetes certificates - Geko Cloud\" \/>\n<meta property=\"og:description\" content=\"Learn how to renew your Kubernetes certificates if they have expired, step by step in our blog post.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\" \/>\n<meta property=\"og:site_name\" content=\"Geko Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-15T13:05:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-08T09:36:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1135\" \/>\n\t<meta property=\"og:image:height\" content=\"682\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Jose Luis S\u00e1nchez\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@geko_cloud\" \/>\n<meta name=\"twitter:site\" content=\"@geko_cloud\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\"},\"author\":{\"name\":\"Jose Luis S\u00e1nchez\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed\"},\"headline\":\"Renew your expired Kubernetes certificates\",\"datePublished\":\"2021-02-15T13:05:10+00:00\",\"dateModified\":\"2021-11-08T09:36:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\"},\"wordCount\":383,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/geko.cloud\/es\/#organization\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png\",\"keywords\":[\"Jenkins\",\"Kubernetes\"],\"articleSection\":[\"Labs\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\",\"url\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\",\"name\":\"Renew your expired Kubernetes certificates - Geko Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/geko.cloud\/es\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png\",\"datePublished\":\"2021-02-15T13:05:10+00:00\",\"dateModified\":\"2021-11-08T09:36:55+00:00\",\"description\":\"Learn how to renew your Kubernetes certificates if they have expired, step by step in our blog post.\",\"breadcrumb\":{\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage\",\"url\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png\",\"contentUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png\",\"width\":1135,\"height\":682,\"caption\":\"expired SSL certificate\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/geko.cloud\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Renew your expired Kubernetes certificates\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/geko.cloud\/es\/#website\",\"url\":\"https:\/\/geko.cloud\/es\/\",\"name\":\"Geko Cloud\",\"description\":\"Servicios de consultor\u00eda cloud y devops\",\"publisher\":{\"@id\":\"https:\/\/geko.cloud\/es\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/geko.cloud\/es\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/geko.cloud\/es\/#organization\",\"name\":\"Geko Cloud\",\"url\":\"https:\/\/geko.cloud\/es\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png\",\"contentUrl\":\"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png\",\"width\":1650,\"height\":809,\"caption\":\"Geko Cloud\"},\"image\":{\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/geko_cloud\",\"https:\/\/www.instagram.com\/gekocloud\/\",\"https:\/\/www.linkedin.com\/company\/gekocloud\",\"https:\/\/www.youtube.com\/channel\/UC5EFLCqUM7fEaXSa_0nWowQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed\",\"name\":\"Jose Luis S\u00e1nchez\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/geko.cloud\/es\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g\",\"caption\":\"Jose Luis S\u00e1nchez\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Renew your expired Kubernetes certificates - Geko Cloud","description":"Learn how to renew your Kubernetes certificates if they have expired, step by step in our blog post.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/","og_locale":"en_US","og_type":"article","og_title":"Renew your expired Kubernetes certificates - Geko Cloud","og_description":"Learn how to renew your Kubernetes certificates if they have expired, step by step in our blog post.","og_url":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/","og_site_name":"Geko Cloud","article_published_time":"2021-02-15T13:05:10+00:00","article_modified_time":"2021-11-08T09:36:55+00:00","og_image":[{"width":1135,"height":682,"url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png","type":"image\/png"}],"author":"Jose Luis S\u00e1nchez","twitter_card":"summary_large_image","twitter_creator":"@geko_cloud","twitter_site":"@geko_cloud","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#article","isPartOf":{"@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/"},"author":{"name":"Jose Luis S\u00e1nchez","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed"},"headline":"Renew your expired Kubernetes certificates","datePublished":"2021-02-15T13:05:10+00:00","dateModified":"2021-11-08T09:36:55+00:00","mainEntityOfPage":{"@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/"},"wordCount":383,"commentCount":0,"publisher":{"@id":"https:\/\/geko.cloud\/es\/#organization"},"image":{"@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage"},"thumbnailUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png","keywords":["Jenkins","Kubernetes"],"articleSection":["Labs"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/","url":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/","name":"Renew your expired Kubernetes certificates - Geko Cloud","isPartOf":{"@id":"https:\/\/geko.cloud\/es\/#website"},"primaryImageOfPage":{"@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage"},"image":{"@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage"},"thumbnailUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png","datePublished":"2021-02-15T13:05:10+00:00","dateModified":"2021-11-08T09:36:55+00:00","description":"Learn how to renew your Kubernetes certificates if they have expired, step by step in our blog post.","breadcrumb":{"@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#primaryimage","url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png","contentUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/02\/expiration-feature.png","width":1135,"height":682,"caption":"expired SSL certificate"},{"@type":"BreadcrumbList","@id":"https:\/\/geko.cloud\/es\/certificado-expirado-kubernetes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/geko.cloud\/en\/"},{"@type":"ListItem","position":2,"name":"Renew your expired Kubernetes certificates"}]},{"@type":"WebSite","@id":"https:\/\/geko.cloud\/es\/#website","url":"https:\/\/geko.cloud\/es\/","name":"Geko Cloud","description":"Servicios de consultor\u00eda cloud y devops","publisher":{"@id":"https:\/\/geko.cloud\/es\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/geko.cloud\/es\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/geko.cloud\/es\/#organization","name":"Geko Cloud","url":"https:\/\/geko.cloud\/es\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/","url":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png","contentUrl":"https:\/\/geko.cloud\/wp-content\/uploads\/2021\/10\/geko_logo-positivo.png","width":1650,"height":809,"caption":"Geko Cloud"},"image":{"@id":"https:\/\/geko.cloud\/es\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/geko_cloud","https:\/\/www.instagram.com\/gekocloud\/","https:\/\/www.linkedin.com\/company\/gekocloud","https:\/\/www.youtube.com\/channel\/UC5EFLCqUM7fEaXSa_0nWowQ"]},{"@type":"Person","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/d06aff498ebfbc75b5010ebe92af41ed","name":"Jose Luis S\u00e1nchez","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/geko.cloud\/es\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ebfd055d4dba456220c682523fcc237c?s=96&d=mm&r=g","caption":"Jose Luis S\u00e1nchez"}}]}},"_links":{"self":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/2580"}],"collection":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/comments?post=2580"}],"version-history":[{"count":3,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/2580\/revisions"}],"predecessor-version":[{"id":5275,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/posts\/2580\/revisions\/5275"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/media\/5410"}],"wp:attachment":[{"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/media?parent=2580"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/categories?post=2580"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geko.cloud\/en\/wp-json\/wp\/v2\/tags?post=2580"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}