K
Q

Unable to connect to the server: x509: certificate is valid for

10/21/2018

OS: Mac OS 10.13.6 Terminal

Kubectl for Remote Access

When I execute the command with "--insecure-skip-tls-verify" it works fine.

dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get pods
No resources found.
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get nodes
NAME                        STATUS     ROLES    AGE   VERSION
balab29123.mylabserver.com   NotReady   <none>   4h    v1.10.2
balab29124.mylabserver.com   NotReady   <none>   4h    v1.10.2
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

But I am unable to access using the below command, I am stuck.

dev-env at balabimac in ~/kthw
$ kubectl config use-context kubernetes-me
Switched to context "kubernetes-me".
dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
$ kubectl get nodes
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
-- BalaB
google-kubernetes-engine
kubernetes
kubernetes-health-check

Similar Questions

In Azure Kubernetes Service(AKS), is the master component managed in an isolated environment from other users?
GKE Loadbalancer how to add SSL Certs
Implement IHealthCheck in MassTransit for .Net Core 2.2
Troubleshooting kube-dns pod : Timeout waiting for initialization
nginx ingress host app to master ip not working
Running cypress in Kubernetes as pods
Unable to Access a deployed app(Airflow) on Rancher (RKE) hosted locally on Docker
Nginx Ingress returns 502 Bad Gateway on Kubernetes

2 Answers

10/23/2018

The solution is to give the kubelet a serving certificate signed by the --kubelet-certificate-authority [1]. If the kubelet is not given a serving certificate, it currently generates a self-signed one.

[1]https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/#requesting-a-certificate

-- Germán A.
Source: StackOverflow
10/31/2018

It looks like when you generated the kubernetes API server certificate, you put 127.0.0.1.localhost instead of 127.0.0.1,localhost . Just a small typo, but as a result the cert is not properly signed for localhost, which will lead to this error when you are trying to connect. Re-generate the Kube API server cert with the correct values. Then copy the cert files to your control nodes and put the files in the correct place, replacing the old files.

dev-env at balabimac in ~/kthw 
$ kubectl get pods Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, **127.0.0.1.localhost**, kubernetes.default, not localhost
-- MohanBabu
Source: StackOverflow