Certificate signed by unknown authority error in Jenkins pipeline with Kubernetes cluster deployment

3/20/2020

When I am trying to deploy my Spring Boot microservice using Jenkins and Kubernetes, I am getting the following error:

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

My deployment.yaml file looks like the following:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: spacestudysecurityauthcontrol-deployment
  labels:
    app: spacestudysecurityauthcontrol-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: spacestudysecurityauthcontrol-deployment
  template:
    metadata:
      labels:
        app: spacestudysecurityauthcontrol-deployment
      annotations:
        date: "+%H:%M:%S %d/%m/%y"
    spec:
      imagePullSecrets:
        - name: "regcred"
      containers:
        - name: spacestudysecurityauthcontrol-deployment-container
          image: spacestudymilletech010/spacestudysecurityauthcontrol:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8065
          readinessProbe:
            tcpSocket:
              port: 8065
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            tcpSocket:
              port: 8065
            initialDelaySeconds: 15
            periodSeconds: 20
      nodeSelector:
        tenantName: tenant1

And my service looks like the following:

apiVersion: v1
kind: Service
metadata:
  name: spacestudysecurityauthcontrol-service
spec:
  type: NodePort
  ports:
    - port: 8065
      targetPort: 8065
      protocol: TCP
      name: http
      nodePort: 31026
  selector:
    app: spacestudysecurityauthcontrol-deployment

Why is this error happening and how can I correct my implementation?

-- Jacob
jenkins
kubernetes

2 Answers

3/20/2020

This is nicely explained inside Troubleshooting kubeadm TLS certificate errors:

  • Verify that the $HOME/.kube/config file contains a valid certificate, and regenerate a certificate if necessary. The certificates in a kubeconfig file are base64 encoded. The base64 --decode command can be used to decode the certificate and openssl x509 -text -noout can be used for viewing the certificate information.
  • Unset the KUBECONFIG environment variable using:

    unset KUBECONFIG

    Or set it to the default KUBECONFIG location:

    export KUBECONFIG=/etc/kubernetes/admin.conf

  • Another workaround is to overwrite the existing kubeconfig for the “admin” user:

    mv $HOME/.kube $HOME/.kube.bak
    mkdir $HOME/.kube
    sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    sudo chown $(id -u):$(id -g) $HOME/.kube/config

-- Crou
Source: StackOverflow

3/20/2020

This error generally means that the kubeconfig file used to authenticate to the Kubernetes API server has a CA certificate which is not able to validate the server certificate presented by the Kubernetes API server. Double-check that you are using the correct kubeconfig file corresponding to the Kubernetes cluster you are trying to connect to.

-- Arghya Sadhu
Source: StackOverflow
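
The checks described in both answers, run end to end as an added example (not part of the original answers): decode the CA from a kubeconfig's certificate-authority-data and test whether it validates a server certificate. The fixtures are constructed for the demo (file names, CN=kube-apiserver, two throwaway CAs that share the subject CN=kubernetes but have different keys); the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answers. All fixtures are constructed.

# Print the PEM CA certificate stored in a kubeconfig's certificate-authority-data.
kubeconfig_ca() {
  awk '$1 == "certificate-authority-data:" { print $2; exit }' "$1" | base64 --decode
}

# Exit 0 only if that CA validates the given server certificate (PEM file).
ca_validates() (  # usage: ca_validates <kubeconfig> <server.crt>
  ca=$(mktemp) || exit 2
  rc=0
  kubeconfig_ca "$1" > "$ca" &&
    openssl verify -CAfile "$ca" "$2" >/dev/null 2>&1 || rc=$?
  rm -f "$ca"
  exit "$rc"
)

# Build constructed fixtures in <dir>: two CAs with the same subject
# (CN=kubernetes) but different keys, a minimal kubeconfig for each,
# and a server certificate signed by the "new" CA only.
make_demo() (  # usage: make_demo <dir>
  set -e
  cd "$1"
  for n in old new; do
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=kubernetes" -days 1 \
      -keyout "$n-ca.key" -out "$n-ca.crt" 2>/dev/null
    printf 'clusters:\n- cluster:\n    certificate-authority-data: %s\n' \
      "$(base64 < "$n-ca.crt" | tr -d '\n')" > "$n.kubeconfig"
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=kube-apiserver" \
    -keyout server.key -out server.csr 2>/dev/null
  openssl x509 -req -in server.csr -CA new-ca.crt -CAkey new-ca.key \
    -CAcreateserial -days 1 -out server.crt 2>/dev/null
)

# Demo: both kubeconfigs name a CA called "kubernetes"; only one validates.
demo_dir=$(mktemp -d) && make_demo "$demo_dir"
for k in new old; do
  kubeconfig_ca "$demo_dir/$k.kubeconfig" |
    openssl x509 -noout -subject -fingerprint -sha256
  if ca_validates "$demo_dir/$k.kubeconfig" "$demo_dir/server.crt"; then
    echo "$k.kubeconfig: CA validates the server certificate"
  else
    echo "$k.kubeconfig: CA does not validate it (kubectl reports unknown authority)"
  fi
done
```

On the Jenkins agent, comparing the printed SHA-256 fingerprint with that of the cluster's own CA certificate shows whether the pipeline is using a kubeconfig that belongs to the cluster it is deploying to.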