I had my kubernetes certificate expire as I was publishing the last blog post, and was able to resolve it by following these steps on Fedora with kubeadm:
-
Confirm they are expired by running
; kubeadm certs check-expiration -
Update the certificates manually by shelling into a control plane node and running:
; kubeadm certs renew all -
Now, upgrade to the next version of kubeadm you can update to. Find your version with:
; kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"26", GitVersion:"v1.26.9", GitCommit:"d1483fdf7a0578c83523bc1e2212a606a44fd71d", GitTreeState:"clean", BuildDate:"2023-09-13T11:31:28Z", GoVersion:"go1.20.8", Compiler:"gc", Platform:"linux/amd64"}Then find the last patch version of the next major release:
; yum list --disablerepo='*' --enablerepo=kubernetes --showduplicates --disableexcludes=kubernetes -
Install that version:
; sudo yum install -y kubeadm-'1.28.2-*' --disableexcludes=kubernetes -
Plan an upgrade:
; sudo kubeadm upgrade plan -
Apply the version you installed earlier, even if plan tells you about a later version:
; sudo kubeadm upgrade apply v1.26.9 -
Upgrade kubelet:
; sudo yum install -y kubelet-'1.26.9-*' kubectl-'1.26.9-*' --disableexcludes=kubernetes -
On each worker node, install the same version of
kubeadm:; sudo yum install -y kubeadm-'1.26.8-*' --disableexcludes=kubernetes -
Upgrade the node:
; sudo kubeadm upgrade node -
Upgrade kubelet:
; sudo yum install -y kubelet-'1.26.9-*' kubectl-'1.26.9-*' --disableexcludes=kubernetes -
On a control plane node, copy the
admin.confto your user's config:; sudo cp /etc/kubernetes/admin.conf ~/.kube/config -
Copy the new kube config to your machine for access:
; cd ~/.kube ; mv config config.bak ; rsync k1.home.arpa:~/.kube/config config
I also had to run
; sudo dnf remove zram-generator-defaults
; sudo swapoff -a
to permanently disable swap, which was causing kubelet to fail.