Redeploy node certificates in Openshift 3.10 and 3.11

Solution Verified - Updated -

Issue

  • New CA was deploy in OpenShift and the nodes are no longer in a Ready State.
  • How to manually force deployment of the new certificates for the node service only?
  • The playbook to redeploy certificates on the nodes is missing.
  • Nodes are failing to renew their certificate with the following error:
atomic-openshift-node[3715]: I0313 11:40:48.864375    3715 bootstrap.go:56] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file
atomic-openshift-node[3715]: I0313 11:40:48.865525    3715 bootstrap.go:86] No valid private key and/or certificate found, reusing existing private key or creating a new one
atomic-openshift-node[3715]: F0313 11:40:48.893737    3715 server.go:262] failed to run Kubelet: cannot create certificate signing request: Unauthorized

Environment

  • Red Hat OpenShift Container Platform
    • 3.10
    • 3.11

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content