Kubernetes uses certificates to secure communication within a cluster. These certificates typically last for one year. While Kubernetes is supposed to support the automatic renewal of its certificates, this auto-renewal only occurs when a Kubernetes upgrade is initiated. You can manually upgrade the certificates from the control plane. To do this, SSH into the control plane (currently doitkub01). Check Certificate Expiration kubeadm certs check-expiration Renew Certificates kubeadm certs renew all Allow Certificates to Take Effect systemctl restart kubelet kubectl -n kube-system delete pod -l 'component=kube-apiserver' kubectl -n kube-system delete pod -l 'component=kube-controller-manager' kubectl -n kube-system delete pod -l 'component=kube-scheduler' kubectl -n kube-system delete pod -l 'component=etcd' reboot If kubectl commands still do not work on host iamlogin, perform the following steps: copy from doitkub01 the file /etc/kubernetes/admin.conf to iamlogin and call it /etc/kubernetes/admin.conf copy from iamlogin the file /etc/kubernetes/admin.conf to iamlogin and call it /root/.kube/config