K
Q

How to properly launch an OpenShift v3 app

2/10/2015

As I am trying to launch a sample OpenShift v 3 (Docker/Kubernetes) app with this command:

_output/local/go/bin/osc create -f examples/hello-openshift/hello-pod.json

I am getting this error:

 Post https://localhost:8443/api/v1beta2/pods?namespace=default: x509: certificate signed by unknown authority

which is also confirmed by this message:

http: TLS handshake error from 127.0.0.1:58393: remote error: bad certificate

What adjustments do I need to make in order to make this work?

-- Eugene Goldberg
docker
kubernetes
openshift-origin

Similar Questions

Is it possible to run a game written in Haskell in the browser? (Through GHCJS maybe?)
Is there a way to view the Kubernetes image download progress during pod initialization?
Unable to access the internet from Kubernetes containers
What is the role of the node level bridge in overlay networking?

1 Answer

2/12/2015

OpenShift (on startup) generates a root self-signed certificate and a set of client certificates. The client is trying to talk to the server, but getting rejected because the client is loading certs from the root CA.

You can set the KUBECONFIG= environment variable and pass the path of the admin .kubeconfig file (by default, typically $(pwd)/openshift.local.certificates/admin/.kubeconfig.

You can also pass --insecure-skip-tls-verify when you invoke osc, but running with certificates will be more secure by default and once authorization is added, you'll be identified by the client cert that is bundled with that .kubeconfig.

-- Clayton
Source: StackOverflow