K
Q

Authentication error from kube-rbac-proxy, api server not able to authenticate

9/13/2019

I have an admission controller to validate a request. I have tested the admission controller separately and it is working fine. Now I have implemented kube-rbac-proxy as a sidecar container. The sidecar container is https and it is expecting either a ca cert or a bearer token. The curl request with ca is working fine. When I am trying using kubectl command, it is giving me tls: bad certificate error. I have logged the request and I could not find any ca cert included in the request.

Admission controller(https server) alone is working fine. The curl request with corresponding ca cert is able to call the admission controller via kube-rbac-proxy. Implemented this to support tls.

-- chakku
authentication
kubectl
kubernetes
kubernetes-apiserver
ssl

Similar Questions

How to sort and filter datasourcebindings in Extension task.json while populating a picklist
Readiness and Liveness probes for elasticsearch 6.3.0 on Kubernetes failing
Node.js cannot make request to k8s api server
GCP Kubernetes cluster monitoring limit graph
How to troubleshot: Kubernetes pods not creating or terminating
How to restrict access for namespaces like "kube-system" in Kubernetes

1 Answer

9/24/2019

Searching through the docs I think it's possible to make kubectl pass a certificate in it's requests.

Client certificate authentication is enabled by passing the --client-ca-file=SOMEFILE option to API server. The referenced file must contain one or more certificate authorities to use to validate client certificates presented to the API server.

Edit: realized I have made a mistake in my initial answer, it's corrected now.

-- OhHiMark
Source: StackOverflow