Kubectl command failing with certificate error

Problem

  • kubectl commands are failing and throwing the below certificate error in kubelet logs:
Errors in kubelet.log
Copy
  • The nodelet phase failing on the first cert-gen phase with the below error:
nodelet logs
Copy
  • While checking the directory/tmp/authbs-certs.xxxx/kubelet/apiserver mentioned in the error, the file request.json had the entryPermission denied instead of the certificate information.
Impacted node
Copy

Environment

  • Platform9 Edge Cloud - 5.3.0 or Higher

Cause

  • The vault token is expired.

Procedure

  • Retrieve the token using below command from the affected node:
Affected node
Copy
  • To check the validity of the vault token, run the below command:
Affected node
Copy
  • If the above command return like below instead of the token information, then its confirmed that the vault token is expired and need to renew the vault token:
Affected node
Copy

Resolution

  • To resolve the issue, renew the vault token as per the KB
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard