Certificate expiration problem

[pptfz]

Karmada version

$ karmadactl version
karmadactl version: version.Info{GitVersion:"v0.5.0-2388-gccc39b2c", GitCommit:"ccc39b2cf54418face62c2e5fbdb7f697a6a5aa5", GitTreeState:"clean", BuildDate:"2022-08-18T05:56:51Z", GoVersion:"go1.18.5", Compiler:"gc", Platform:"linux/amd64"}

Kubernetes version

1.20
1.22

karmada-system ns

$ kubectl get pod
NAME                                               READY   STATUS             RESTARTS            AGE
etcd-0                                             1/1     Running            22709 (12m ago)     570d
karmada-apiserver-6dd844fdfd-stzzg                 0/1     CrashLoopBackOff   62237 (3m26s ago)   570d
karmada-controller-manager-7dbf7c6578-kmztg        0/1     CrashLoopBackOff   57506 (82s ago)     326d
karmada-kube-controller-manager-656cdc675f-cj6vw   0/1     CrashLoopBackOff   57341 (4m56s ago)   570d
karmada-scheduler-764fbdcd6d-6jhrd                 1/1     Running            1                   570d
karmada-webhook-6489787db4-wc9pp                   1/1     Running            0                   570d

karmada-apiserver log

$ $ kubectl logs -f karmada-apiserver-6dd844fdfd-stzzg
W0328 02:20:08.682680       1 clientconn.go:1223] grpc: addrConn.createTransport failed to connect to {https://etcd-client.karmada-system.svc.cluster.local:2379  <nil> 0 <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate has expired or is not yet valid: current time 2024-03-28T02:20:08Z is after 2023-09-05T06:51:02Z". Reconnecting...

karmada-controller-manager log

$ kubectl logs -f karmada-controller-manager-7dbf7c6578-kmztg
E0328 02:26:10.815013       1 controllermanager.go:78] failed to build controller manager: Get "https://karmada-apiserver.karmada-system.svc.cluster.local:5443/api?timeout=32s": dial tcp 10.254.52.163:5443: connect: connection refused
Get "https://karmada-apiserver.karmada-system.svc.cluster.local:5443/api?timeout=32s": dial tcp 10.254.52.163:5443: connect: connection refused

karmada-kube-controller-manager log

$ karmada-kube-controller-manager-656cdc675f-cj6vw
I0328 02:26:42.065358       1 dynamic_cafile_content.go:129] Loaded a new CA Bundle and Verifier for "client-ca-bundle::/etc/karmada/pki/server-ca.crt"
unable to load configmap based request-header-client-ca-file: Get "https://karmada-apiserver.karmada-system.svc.cluster.local:5443/api/v1/namespaces/kube-system/configmaps/extension-apiserver-authentication": dial tcp 10.254.52.163:5443: connect: connection refused

$ kubectl get svc 
NAME                TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
etcd                ClusterIP      None            <none>        2379/TCP,2380/TCP   2y257d
etcd-client         ClusterIP      10.254.58.168   <none>        2379/TCP            2y257d
karmada-apiserver   LoadBalancer   10.254.52.163   10.80.12.18   5443:32258/TCP      2y257d
karmada-webhook     ClusterIP      10.254.61.17    <none>        443/TCP             2y257d

Where should this certificate be renewed No explanation of the certificate expiration problem is found in the official documentation

[liangyuanpeng]

Thanks for your report,let's tracing it with #4787

/close

[karmada-bot]

@liangyuanpeng: Closing this issue.

In response to [this](https://github.com/karmada-io/karmada/issues/4769#issuecomment-2029712702): >Thanks for your report,let's tracing it with #4787 > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.