Rotate expired certificates

Jonas Umland edited this page Feb 12, 2021 · 1 revision

The certificates that Kubernetes uses internally for communication between its components, and externally with your kubectl, expire after one year. Once that happens, you will see x509: certificate has expired or is not yet valid when using kubectl, and scheduling of new pods as well as a lot of other basic functions will be blocked.

To check whether this is the case, ssh into the machine of the cluster's master node (at the time I am writing, this is vm-mpws2019.eaalab.hpi.uni-potsdam.de). Then run sudo kubeadm alpha certs check-expiration. If you see that some certs are expired, you can renew them using sudo kubeadm alpha certs renew all. After that, you should copy /etc/kubernetes/admin.conf to your local machine and use it as your kubeconfig.

Now we also need to restart some of the control-plane components. Again, ssh into the master machine and get an overview of the running containers using sudo docker ps. Then find the containers running the commands kube-apiserver, kube-controller-manager and kube-scheduler. Grab their container IDs and kill them using sudo docker kill <CONTAINER_ID>. This should be safe to do, as the containers will be recreated automatically afterwards.
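
The procedure above as a single script, as an added example that is not part of the original page. The check/renew/demo modes and the function names are assumptions made for illustration, and it presumes Docker is the container runtime, as on this page.

```shell
#!/bin/sh
# Added example, not from the original page. Run on the master node.
# Assumes kubeadm with the "alpha certs" subcommands and Docker as runtime.

# Reads "<ID> <COMMAND>" lines (docker ps --no-trunc --format
# '{{.ID}} {{.Command}}') on stdin and prints the IDs whose binary is one of
# the three control-plane components. Docker prints the command in double
# quotes; pause containers and other workloads do not match.
control_plane_ids() {
    awk '{
        cmd = $2
        gsub(/"/, "", cmd)      # strip the quotes Docker adds
        sub(/^.*\//, "", cmd)   # reduce a path to the binary name
        if (cmd == "kube-apiserver" || cmd == "kube-controller-manager" ||
            cmd == "kube-scheduler")
            print $1
    }'
}

# Renews all certificates, then kills the control-plane containers so that
# they are recreated and load the renewed certificates.
rotate_certs() {
    sudo kubeadm alpha certs renew all || return 1
    ids=$(sudo docker ps --no-trunc --format '{{.ID}} {{.Command}}' |
        control_plane_ids)
    [ -n "$ids" ] || { echo "no control-plane containers found" >&2; return 1; }
    for id in $ids; do
        sudo docker kill "$id" || return 1
    done
    sudo kubeadm alpha certs check-expiration
}

# Constructed docker ps output for the "demo" mode below.
SAMPLE='1a2b3c "kube-apiserver --secure-port=6443"
4d5e6f "/pause"
7a8b9c "kube-scheduler --leader-elect=true"'

case "${1:-}" in
    check) sudo kubeadm alpha certs check-expiration ;;
    renew) rotate_certs ;;
    demo)  printf '%s\n' "$SAMPLE" | control_plane_ids ;;
esac
# After "renew", fetch /etc/kubernetes/admin.conf to your local machine over
# ssh and keep it private (mode 0600): it holds cluster admin credentials.
```

Matching on the binary name rather than the container name keeps the pause container of each control-plane pod and unrelated workloads such as kube-proxy or etcd out of the kill list.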