$ kubectl get pod
NAME READY STATUS RESTARTS AGE
etcd-0 1/1 Running 22709 (12m ago) 570d
karmada-apiserver-6dd844fdfd-stzzg 0/1 CrashLoopBackOff 62237 (3m26s ago) 570d
karmada-controller-manager-7dbf7c6578-kmztg 0/1 CrashLoopBackOff 57506 (82s ago) 326d
karmada-kube-controller-manager-656cdc675f-cj6vw 0/1 CrashLoopBackOff 57341 (4m56s ago) 570d
karmada-scheduler-764fbdcd6d-6jhrd 1/1 Running 1 570d
karmada-webhook-6489787db4-wc9pp 1/1 Running 0 570d
karmada-apiserver log
$ $ kubectl logs -f karmada-apiserver-6dd844fdfd-stzzg
W0328 02:20:08.682680 1 clientconn.go:1223] grpc: addrConn.createTransport failed to connect to {https://etcd-client.karmada-system.svc.cluster.local:2379 <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid: current time 2024-03-28T02:20:08Z is after 2023-09-05T06:51:02Z". Reconnecting...
karmada-controller-manager log
$ kubectl logs -f karmada-controller-manager-7dbf7c6578-kmztg
E0328 02:26:10.815013 1 controllermanager.go:78] failed to build controller manager: Get "https://karmada-apiserver.karmada-system.svc.cluster.local:5443/api?timeout=32s": dial tcp 10.254.52.163:5443: connect: connection refused
Get "https://karmada-apiserver.karmada-system.svc.cluster.local:5443/api?timeout=32s": dial tcp 10.254.52.163:5443: connect: connection refused
karmada-kube-controller-manager log
$ karmada-kube-controller-manager-656cdc675f-cj6vw
I0328 02:26:42.065358 1 dynamic_cafile_content.go:129] Loaded a new CA Bundle and Verifier for "client-ca-bundle::/etc/karmada/pki/server-ca.crt"
unable to load configmap based request-header-client-ca-file: Get "https://karmada-apiserver.karmada-system.svc.cluster.local:5443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication": dial tcp 10.254.52.163:5443: connect: connection refused
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
etcd ClusterIP None <none> 2379/TCP,2380/TCP 2y257d
etcd-client ClusterIP 10.254.58.168 <none> 2379/TCP 2y257d
karmada-apiserver LoadBalancer 10.254.52.163 10.80.12.18 5443:32258/TCP 2y257d
karmada-webhook ClusterIP 10.254.61.17 <none> 443/TCP 2y257d
Where should this certificate be renewed
No explanation of the certificate expiration problem is found in the official documentation
In response to [this](https://github.com/karmada-io/karmada/issues/4769#issuecomment-2029712702):
>Thanks for your report,let's tracing it with #4787
>
>/close
Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
Karmada version
Kubernetes version
karmada-system ns
karmada-apiserver log
karmada-controller-manager log
karmada-kube-controller-manager log
Where should this certificate be renewed No explanation of the certificate expiration problem is found in the official documentation