kubernetes auth_error ai_generated true

x509: certificate has expired or is not yet valid: current time 2024-05-15T10:30:00Z is after 2024-04-01T00:00:00Z

ID: kubernetes/certificate-expired

Fix rate: 88%
Confidence: 90%
Evidence count: 1
First seen: 2024-04-01

Root cause analysis

The TLS certificate used by the API server, kubelet, or ingress has expired, causing authentication failures for clients.

generic

Official documentation

https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/

Solutions

  1. Renew the API server certificate: On the control plane node, run 'sudo kubeadm certs renew apiserver' for kubeadm clusters, then restart kube-apiserver.
  2. Update the kubeconfig with a new token: 'kubectl config set-credentials cluster-admin --token=$(kubeadm token create)' after renewing certificates.

Ineffective attempts

Common but ineffective approaches:

  1. Restart all pods to refresh certificates (90% failure)

    Pods don't manage cluster certificates; the issue is at the control plane or node level, not pod-level.

  2. Set the system clock back to a valid time (95% failure)

    Temporary fix that breaks other services; certificates remain expired and will fail again.
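
Added example, not part of the original entry: a small triage helper that parses the x509 message quoted above, tells an expired certificate ("is after") apart from a not-yet-valid one ("is before"), and flags a verifier clock that disagrees with a reference time. The function name triage, the trusted_now and tolerance parameters, and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Validity-period error text as quoted on this page (Go crypto/x509 wording).
X509_RE = re.compile(
    r"x509: certificate has expired or is not yet valid: current time "
    r"(?P<now>[0-9T:Z+-]+) is (?P<rel>after|before) (?P<bound>[0-9T:Z+-]+)"
)

def _ts(text):
    # RFC 3339 timestamp; rewrite 'Z' so older fromisoformat() accepts it.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def triage(line, trusted_now=None, tolerance=timedelta(minutes=5)):
    """Classify one log line; trusted_now is a reference clock (assumption)."""
    m = X509_RE.search(line)
    if m is None:
        return None
    reported, bound = _ts(m["now"]), _ts(m["bound"])
    result = {
        # "after" compares against NotAfter, "before" against NotBefore.
        "verdict": "expired" if m["rel"] == "after" else "not_yet_valid",
        "gap": abs(reported - bound),
        "clock_suspect": None,  # unknown without a reference clock
    }
    if trusted_now is not None:
        # If the verifier's clock disagrees with the reference, the host
        # clock needs attention in addition to any certificate renewal.
        result["clock_suspect"] = abs(reported - trusted_now) > tolerance
    return result

# Constructed sample lines for illustration, not captured from a real cluster.
SAMPLE_LOGS = [
    "Unable to connect to the server: x509: certificate has expired or is not "
    "yet valid: current time 2024-05-15T10:30:00Z is after 2024-04-01T00:00:00Z",
    "Unable to connect to the server: x509: certificate has expired or is not "
    "yet valid: current time 2024-03-01T08:00:00Z is before 2024-03-01T09:00:00Z",
    "Unable to connect to the server: dial tcp: i/o timeout",
]

if __name__ == "__main__":
    reference = datetime(2024, 5, 15, 10, 30, 5, tzinfo=timezone.utc)
    for entry in SAMPLE_LOGS:
        print(triage(entry, trusted_now=reference))
```

A "not_yet_valid" verdict or a set clock_suspect flag means the node's time source should be checked before or alongside certificate renewal.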