K
Q

Get https://api.[mycluster]/api?timeout=32s: x509: certificate signed by unknown authority, kubernets cluster created on AWS using kops and Travis-CI

3/20/2020

I follow mainly the following article, at the end I have the following issue while trying to deploy new objects to the cluster

error: unable to recognize "./[different files].yaml": Get https://api.[mycluster]/api?timeout=32s: x509: certificate signed by unknown authority

I think that I have to pass kube cert effectively some where in travis configuration file, any suggestion please

-- Smaillns
amazon-web-services
kops
kubernetes
travis-ci
x509certificate

Similar Questions

Kubernetes Ingress Gateway for Response Content Manipulation
Permission compute.regions.get error in terraform google kubernetes engine
cassandra node on k8s cannot discover other nodes after statefulset upgrade
KubernetesPodOperator specify dictionary resources

1 Answer

3/20/2020

Effectively, the problem was related to cluster certificates, in the article cited previously there is a base64 encoding issue which will make fail the secrets injection. so we have to add information to the kubernetes config file, we find the following block in inject_secret.sh

./kubectl config set clusters.udagramk8s.kops.ucci.uk.certificate-authority-data $CERTIFICATE_AUTHORITY_DATA
./kubectl config set users.udagramk8s.kops.ucci.uk.client-certificate-data "$CLIENT_CERTIFICATE_DATA"
./kubectl config set users.udagramk8s.kops.ucci.uk.client-key-data "$CLIENT_KEY_DATA"
./kubectl config set users.udagramk8s.kops.ucci.uk.password "$KUBE_PASSWORD"
./kubectl config set users.udagramk8s.kops.ucci.uk.net-basic-auth.password "$KUBE_PASSWORD"

And what we have to do to ensure the presence of these env variables, is to add them simply by the Travis-CI console, under project settings section

Note: we can get the variables values by using the following command cat ~/.kube/config

-- Smaillns
Source: StackOverflow