Kubernetes HA Kube proxy certificate issue

1/17/2020

I'm setting up kubernetes HA with external etcd cluster and a HA proxy as load balancer on bare metal. After applying kubeadm init, i m getting errors being printed in kube-proxy pod logs

E0117 18:33:58.827088 1 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.Endpoints: Get https://dockers.airtel.com:6443/api/v1/endpoints?labelSelector=%21service.kubernetes.io%2Fheadless%2C%21service.kubernetes.io%2Fservice-proxy-name&limit=500&resourceVersion=0: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes") E0117 18:33:58.828979 1 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.Service: Get https://dockers.airtel.com:6443/api/v1/services?labelSelector=%21service.kubernetes.io%2Fheadless%2C%21service.kubernetes.io%2Fservice-proxy-name&limit=500&resourceVersion=0: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes") E0117 18:33:59.853663 1 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.Service: Get https://dockers.airtel.com:6443/api/v1/services?labelSelector=%21service.kubernetes.io%2Fheadless%2C%21service.kubernetes.io%2Fservice-proxy-name&limit=500&resourceVersion=0: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes") E0117 18:33:59.868131 1 reflector.go:153] k8s.io/client-go/informers/factory.go:135: Failed to list *v1.Endpoints: Get https://dockers.airtel.com:6443/api/v1/endpoints?labelSelector=%21service.kubernetes.io%2Fheadless%2C%21service.kubernetes.io%2Fservice-proxy-name&limit=500&resourceVersion=0: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

Although kube-proxy pod is up and running but i'm not being able to apply the calico cni.

I have been stuck in this for two weeks now but getting no help from anywhere.

-- Deepesh Goel
kube-proxy
kubernetes
kubernetes-pod

0 Answers