Rotation Certificates

Check Items

Check whether the number of certificates on your node is greater than 1000. During an upgrade, certificate files will be processed in batches. An excessive number of certificate files will lead to a slow node upgrade and result in pod eviction from the node.

Solution

Solution 1 (preferred): Reset the node. For details, see Resetting a Node.

Solution 2: Fix the certificate rotation issue on the node.

Go to the /opt/cloud/cce/kubernetes/kubelet/pki/ directory on the node.
Back up certificate files kubelet-server-current.pem and kubelet-client-current.pem on the node.

Delete the residual kubelet-server-* certificate files from the node.

link_target="$(basename $(readlink kubelet-server-current.pem))" && find -maxdepth 1 -type f -name 'kubelet-server-*.pem' ! -name "$link_target" -delete

Delete soft links for the certificates.

find -maxdepth 1 -type f -name 'kubelet-server-current.pem'  -delete

Parent Topic: Troubleshooting for Pre-upgrade Check Exceptions

Previous topic: Cluster Rolling Upgrade

Next topic: Nodes

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot