This repository has been archived by the owner on May 29, 2020. It is now read-only.

Certificates expire after one year #16

Open
hanikesn opened this issue Jul 31, 2018 · 2 comments
@hanikesn
Contributor

Apiserver self-generated certs should be cleared in the last step of the build.

@kjpopov

kjpopov commented Jan 3, 2019

I am facing the same problem: my kubedns and dashboard cannot talk to the API anymore.

vagrant@contrib-stretch:~$ kubectl --namespace=kube-system get pods
NAME                                    READY     STATUS             RESTARTS   AGE
k8s-mdns-7d8485856b-f52qr               0/1       Error              127        1y
kube-dns-ff9bfdcb4-tsjb5                1/3       CrashLoopBackOff   86         1y
kubernetes-dashboard-6f64c97f9f-6964k   0/1       Error              36         1y
W0103 14:48:24.486679       1 client_config.go:529] Neither --kubeconfig nor --master was specified.  Using the inClusterConfig.  This might not work.
panic: Get https://10.0.0.1:443/api/v1/services?watch=true: x509: certificate has expired or is not yet valid
goroutine 1 [running]:
main.main()
	/go/src/github.com/flix-tech/k8s-mdns/main.go:57 +0xc9f

@kjpopov

kjpopov commented Jan 3, 2019

OK, after some discussion with @hanikesn, we have a workaround for that issue, as follows:

  1. Delete the API server certificate
    sudo rm /var/lib/kubernetes/apiserver.crt
  2. Restart the API server; it should start complaining that the cert and key are not paired
    sudo systemctl restart kube-apiserver.service
  3. Delete the API server key
    sudo rm /var/lib/kubernetes/apiserver.key
  4. Restart the API server and kubelet
    sudo systemctl restart kube-apiserver.service && sudo systemctl restart kubelet.service
  5. Delete/restart secrets and pods in the kube-system namespace
    kubectl --namespace=kube-system delete secret,pod --all
