K
Q

kubectl behind corporate proxy - unable to connect to the server

10/17/2019

I'm getting the error:

"Unable to connect to the server: x509: certificate signed by unknown authority"

when using kubectl to do deployments in GKE. Although, I saw that one solution is to add the flag "--insecure-skip-tls-verify", there comes another problem:

unable to recognize "~/k8s.yml": no matches for kind "Service" in version "v1" unable to recognize "~/k8s.yml": no matches for kind "Deployment" in version "apps/v1beta1"

I already have the proper credentials using "gcloud container clusters get-credentials", but I think our corporate proxy still switches the SSL certificate.

I couldn't find a way to set a custom cacert for kubectl although I've done this already in Cloud SDK.

Are there any alternatives to solve this issue?

-- Robert Paul Baquing
google-kubernetes-engine
kubectl

Similar Questions

How to get a pod's disk I/O read write in bytes in prometheus
Istio, cannot call microservice-2 from microservice-1
Unable to create a MySQL database backup in GCP storage
No module error requests in docker container

2 Answers

10/28/2019

I had to file a firewall/proxy exception to whitelist the GKE Cluster IP. And it actually worked. Although, I am a bit curious if that is a fixed IP or not?

-- Robert Paul Baquing
Source: StackOverflow
10/18/2019

Unfortunately this isn't something we can properly solve from a GCP support perspective. Though there are possible workarounds, these may violate your organization's policies surrounding data security and are not something I can provide in good conscience.

Your best course of action is to talk with your network operations team about your requirements, then they'll be able to address this while maintaining their goals.

-- Ahmad P
Source: StackOverflow