OCCNE Kubernetes Certificate Expired, Renewal Procedure for CNE 1.4 to CNE 1.8
(Doc ID 2742204.1)
Last updated on MARCH 02, 2022
Applies to:
Oracle Communications Cloud Native Core - 5G - Version Core 2.1.0 to Core 2.3.0 [Release All Releases]Information in this document applies to any platform.
Symptoms
Following error is seen when executing any kubectl command from the Bastion Host
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| The procedure below is valid for CNE 1.4 to 1.8. For CNE 1.9+, please use the procedure outlined in the Customer documentation. |
| 1. How to check certificate expiry date |
| 1.1 CNE1.4 |
| 1.2 CNE1.6 |
| 2. How to renew certificates |
| 2.1 Verify CNE Release |
| 2.2 Verify Kubernetes Version |
| 2.3 How to renew the certificate in the CNE 1.4 to CNE 1.8 |
| 3. Back out plan (only to be executed in case of kubeadm commands failure from above step)- |
| 4. Post Health CHecks after K8 Certification Renewal |
| 4.1 Verify that the certificate has been updated on all K8 Nodes |
| 4.2 Ensure nodes are all up and running and check for used CPU% and Mem% |
| 4.3 Check all nodes uptime less or equal to worker node |
| 4.4 Check kubelet process is up and running fine in all nodes after its reboot. |
| 4.5 Check for NTP client sync on all K8 nodes |
| 4.6 KPI Checks |
| 4.7. Check alerts on Prometheus alert manager |
| 5. Automatically Updating the Certificates |
| References |