How to renew or recreate a node's certificate in RHOCP4
Issue
- One or more nodes are not working, with a "NotReady" status;
-
Kubelet service log shows lots of messages:
Unable to authenticate the request due to an error: x509: certificate signed by unknown authority http: TLS handshake error from 10.173.2.64:43632: no serving certificate available for the kubelet
-
Expired or mis-matched node certificates, but there are no Pending CSRs
- How do I redeploy node certificates or do TLS bootstrapping?
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.