Unable to connect to the server: x509: certificate is valid for
23,268
It looks like when you generated the kubernetes API server certificate, you put 127.0.0.1.localhost instead of 127.0.0.1,localhost . Just a small typo, but as a result the cert is not properly signed for localhost, which will lead to this error when you are trying to connect. Re-generate the Kube API server cert with the correct values. Then copy the cert files to your control nodes and put the files in the correct place, replacing the old files.
dev-env at balabimac in ~/kthw
$ kubectl get pods Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, **127.0.0.1.localhost**, kubernetes.default, not localhost
Author by
BalaB
Updated on July 05, 2022Comments
-
BalaB almost 2 years
OS: Mac OS 10.13.6 Terminal
Kubectl for Remote Access
When I execute the command with "--insecure-skip-tls-verify" it works fine.
dev-env at balabimac in ~/kthw $ kubectl --insecure-skip-tls-verify --context=kubernetes-me get pods No resources found. dev-env at balabimac in ~/kthw $ kubectl --insecure-skip-tls-verify --context=kubernetes-me get nodes NAME STATUS ROLES AGE VERSION balab29123.mylabserver.com NotReady <none> 4h v1.10.2 balab29124.mylabserver.com NotReady <none> 4h v1.10.2 dev-env at balabimac in ~/kthw $ kubectl --insecure-skip-tls-verify --context=kubernetes-me version Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
But I am unable to access using the below command, I am stuck.
dev-env at balabimac in ~/kthw $ kubectl config use-context kubernetes-me Switched to context "kubernetes-me". dev-env at balabimac in ~/kthw $ kubectl get pods Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost dev-env at balabimac in ~/kthw $ kubectl get nodes Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost dev-env at balabimac in ~/kthw
-
andriosr over 5 yearsis this an actual GKE cluster? where did you get the Kube-configs from? Check for the expiry dates on you cluster's certificates, it might be that the certificates are expired or your machine don't trust them (for self-signed/local cluster setups). Other than that I've seen this problem with the time on the cluster machines not being in sync
-
BalaB over 5 yearsNo, its not a GKE cluster. Let me take look @andriosr
-
BalaB over 5 yearsI am following kubernetes the hard way,
-
andriosr over 5 yearscool, so basically the certificate you issued to use in the apiserver is not trusted by your local machine. Just add it as a trusted cert in you machine and it should work.
-
BalaB over 5 yearsSorry for later reply. May I know the command to add the same to controllers.
-