reset all kubernetes certificates after they expired

reset-k8s-certs.sh

# do not run these commands without knowing what they mean

# use these commands if you've been naughty and didn't have a reminder or alert set up to notify you about
# certificates used by kubernetes about to expire, which bricks the whole control-plane

# used on K8S 1.18
# on later K8S versions some of these commands are probably no longer alpha commands
# these commands need to be executed on all master nodes

# to find out if these commands apply to your situation
# this command will print expiry dates of all certs used by K8S components
find /etc/kubernetes/pki/ -type f -name "*.crt" -print|egrep -v 'ca.crt$'|xargs -L 1 -t  -i bash -c 'openssl x509  -noout -text -in {}|grep After'

# create backups
cp -r /etc/kubernetes /etc/kubernetes.old
rm -rf /etc/kubernetes.old/tmp

# re-generate all certs
kubeadm alpha certs renew apiserver-kubelet-client
kubeadm alpha certs renew apiserver
kubeadm alpha certs renew front-proxy-client
kubeadm alpha certs renew apiserver-etcd-client
kubeadm alpha certs renew etcd-server
kubeadm alpha certs renew etcd-healthcheck-client
kubeadm alpha certs renew etcd-peer

# restart etcd
docker ps | grep etcd
docker stop <id>

# check if you still have a job
kubectl --kubeconfig /etc/kubernetes/admin.conf get nodes

# generate and print new configs if needed
# kubeadm alpha kubeconfig user --client-name kube-controller-manager