Hi, Thank you very much for you help. I have created my own kubernetes cluster with Kubeadm to learn. I think it is the best way. My certificates were expired and I have regenerated them, created a new kubeconfig file but I created a new namespace, it couldn't automatically create service account named default. Thanks to you, I stopped and deleted pods and it worked

That time when your production cluster start sending erros because all of the cluster certificates go expired and you dont know what to do (because it's not documented). Great video Venkat as always ! (wish this video was released a couple of years ago) :D !

Great tutorial. Thank you for accepting my request. Very helpful!

Thanx a lot Venkat! Your video are usefull as always. About year ago I was faced a problem with renewing certs. Our team using kubernetes 1.15 and it was difficult to find correct command for renewing, by the way if someone faced such problem you should use "kubeadm alpha phase certs ..." and "kubeadm alpha phase kubeconfig all...", all other steps should be simular as in this video. Vankat, will be awesome if you record video how to renew certs in rancher, because then happens "TLS handshake error" we delete rancher and install it again. Anyway Thanx a lot, U are best!!!

Hello, Your video was very helpful, -- Just want to understand will there be any downtime while renewing these certificates? Will any cronjob be affected while this renewal process. -- Is there any possibility where we can generate an new self-signed certificate with 5 years expiry for the same ?

Thanks a lot for your videos. I would love to see a video about smallstep auto renewal of certificates intergrated with traefik

Hi, Nice video. Thank you. I wanted to know how we can renew the certificate for 10 years. Is there any straight forward way to do that?

Hey, thanks a ton for such a great video! One quick q I had: I was trying to invalidate a previously shared kubeconfig file by generating or renewing new certificate for a KOPS managed K8S cluster in AWS. I learnt that there is no way to do this without rotating (Redeploying) the master nodes of the cluster with kops. Is there any other way to regenerate the 'client-certificate-data' and 'client-key-data' present in the existing kubeconfig with new keypair? and will that be enough to secure the cluster without regenerating 'certificate-authority-data' ? In any case I don't want to redeploy the control plane of the cluster as I'm using this in production and I just want to invalidate the kubeconfig which is shared with different users

Hi , This video is really helpful in renewing certificate manually. A request- Would it be possible for you to make a video for Kubernetes audit policy ..I mean how we can implement minimal audit policy in order to fetch metadata level logs only.

Video is very helpful and informative. Can you also create video on Kubelet client certificate and server certificate auto rotatation especially on worker nodes

Very helpful! Thank you

Hi - Thanks for making this video. What do we need to do on the worker node? I was able to renew the certs on the control plane node but I am confused about the worker node.

as always great tutorial!!!

How can we do this operation on a production system? Do these operations you did in the tutorial cause the node to be NotReady status?

Will it cause any data loss if we restart the container? Can you tell me how to take backup inside the vm for any container?

Can you please help how to use cert manager to renew k8s certificates automatically instead using manuall process , can you make a video on that which helps a lot

Hi Venkat , i think TLS bootstrapping of kubelet also needs to be done. The kubelet certs also expires. Also Kube-proxy . Do you think those need to added in this video?

Thanks you 🙏

thank you

Do I need to delete and apply all of my deployed application containers not in Namespace-kube-system? What about other service namespace conatiners like MetalLB?

Hello Can you make videos on argocd image updater as usecase whenever new image pushes to docker hub using Jenkins so argocd image updater look this new image and create pod with latest image tag which is push on docker hub and delete old pods?

Hey man, I tested the command `kubectl delete pods -n kube-system "some-pod"` and it worked. Is it maybe an issue with previous versions (using 1.21)?

Suppose we have deploy some of the application in single master k8s, and all the information is saved in etcd, what wil happen if I restart the etcd by deleting the pod?

How to renew certificate when two or more master node in HA? Please make the turorial

Hello, We have k8s version 1.20.1 and have renewed all the cluster certificates as the cluster was not accessible due to certs expiration. But post performing kubeadm certa renew all command, the vluster is now accessible but pods are going into Pending state and gives logs in events 'x509: certificate has expired or is not yet valid' How to bring back cluster to working state, please help.

Hi venkat , we are using kops 1.18 , need to rotate cluster certs , is that any way to do it ?

Hello, can we not reload the kubelet for the changes of the static pods to take effect?

how to renew with kubespray

Hi i am getting this issue while certificate renewal # kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf unknown flag: --client-name To see the stack trace of this error execute with --v=5 or higher please help