Unable to connect to the server: x509: certificate is valid for

10/21/2018

OS: Mac OS 10.13.6 Terminal

Kubectl for Remote Access

When I execute the command with "--insecure-skip-tls-verify" it works fine.

dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get pods
No resources found.
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get nodes
NAME                        STATUS     ROLES    AGE   VERSION
balab29123.mylabserver.com   NotReady   <none>   4h    v1.10.2
balab29124.mylabserver.com   NotReady   <none>   4h    v1.10.2
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

But I am unable to access it using the command below. I am stuck.

dev-env at balabimac in ~/kthw
$ kubectl config use-context kubernetes-me
Switched to context "kubernetes-me".
dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
$ kubectl get nodes
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
-- BalaB
google-kubernetes-engine
kubernetes
kubernetes-health-check

2 Answers

10/23/2018

The solution is to give the kubelet a serving certificate signed by the --kubelet-certificate-authority [1]. If the kubelet is not given a serving certificate, it currently generates a self-signed one.

[1] https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/#requesting-a-certificate

-- Germán A.
Source: StackOverflow

10/31/2018

It looks like when you generated the Kubernetes API server certificate, you put "127.0.0.1.localhost" instead of "127.0.0.1,localhost". Just a small typo, but as a result the cert is not properly signed for localhost, which will lead to this error when you are trying to connect. Re-generate the Kube API server cert with the correct values. Then copy the cert files to your control nodes and put the files in the correct place, replacing the old files.

dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, **127.0.0.1.localhost**, kubernetes.default, not localhost
-- MohanBabu
Source: StackOverflow
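Added example (not part of the question or of either answer): a Go program that reproduces the hostname check behind the error, using the same crypto/x509 verification a Go client performs. The function name `verify` and the host lists are constructed for illustration, and it assumes the certificate tool splits the host list on commas and files each entry as an IP or DNS SAN. It shows that "127.0.0.1.localhost" is accepted as a single DNS name, so the certificate covers neither localhost nor 127.0.0.1.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"strings"
	"time"
)

// verify issues a throwaway self-signed cert from a comma-separated host list
// (assumed split: IP entries become IP SANs, the rest DNS SANs) and checks host.
func verify(hostList, host string) error {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	for _, h := range strings.Split(hostList, ",") {
		if ip := net.ParseIP(h); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, h) // the typo entry lands here
		}
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(host) // nil when a SAN covers host
}

func main() {
	typo := "balab29121.mylabserver.com,127.0.0.1.localhost,kubernetes.default" // constructed
	fixed := "balab29121.mylabserver.com,127.0.0.1,localhost,kubernetes.default"
	fmt.Println("typo :", verify(typo, "localhost"))
	fmt.Println("fixed:", verify(fixed, "localhost"), verify(fixed, "127.0.0.1"))
}
```

Running the same check against the host list before regenerating the certificate catches the typo without resorting to --insecure-skip-tls-verify.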