Unable to connect to the server: x509: certificate is valid for

kubernetes google-kubernetes-engine kubernetes-health-check

23,268

It looks like when you generated the kubernetes API server certificate, you put 127.0.0.1.localhost instead of 127.0.0.1,localhost . Just a small typo, but as a result the cert is not properly signed for localhost, which will lead to this error when you are trying to connect. Re-generate the Kube API server cert with the correct values. Then copy the cert files to your control nodes and put the files in the correct place, replacing the old files.

dev-env at balabimac in ~/kthw 
$ kubectl get pods Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, **127.0.0.1.localhost**, kubernetes.default, not localhost

23,268

Author by

BalaB

Updated on July 05, 2022

Comments

BalaB almost 2 years

OS: Mac OS 10.13.6 Terminal

Kubectl for Remote Access

When I execute the command with "--insecure-skip-tls-verify" it works fine.

dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get pods
No resources found.
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get nodes
NAME                        STATUS     ROLES    AGE   VERSION
balab29123.mylabserver.com   NotReady   <none>   4h    v1.10.2
balab29124.mylabserver.com   NotReady   <none>   4h    v1.10.2
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

But I am unable to access using the below command, I am stuck.

dev-env at balabimac in ~/kthw
$ kubectl config use-context kubernetes-me
Switched to context "kubernetes-me".
dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
$ kubectl get nodes
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw

andriosr over 5 years

is this an actual GKE cluster? where did you get the Kube-configs from? Check for the expiry dates on you cluster's certificates, it might be that the certificates are expired or your machine don't trust them (for self-signed/local cluster setups). Other than that I've seen this problem with the time on the cluster machines not being in sync
BalaB over 5 years

No, its not a GKE cluster. Let me take look @andriosr
BalaB over 5 years

I am following kubernetes the hard way,
andriosr over 5 years

cool, so basically the certificate you issued to use in the apiserver is not trusted by your local machine. Just add it as a trusted cert in you machine and it should work.
BalaB over 5 years

Sorry for later reply. May I know the command to add the same to controllers.