K
Q

PKIX path validation failed while creating kubernetes service and deployment

4/19/2020

I'm really stuck here, so hoping someone can nudge me in the right direction. As mentioned in previous posts I've inherited someone else's partial project so please forgive my ignorance. I've got a Kubernetes cluster running on a CentOS server. I have a small Java project that is attempting to creates a service and deployment, but I keep getting

SEVERE: Failed to create k8s deployment and service 
io.kubernetes.client.ApiException: javax.net.ssl.SSLHandshakeException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: signature check failed
at io.kubernetes.client.ApiClient.execute(ApiClient.java:805)
at io.kubernetes.client.apis.CoreV1Api.createNamespacedServiceWithHttpInfo(CoreV1Api.java:9415)
at io.kubernetes.client.apis.CoreV1Api.createNamespacedService(CoreV1Api.java:9397)
at com.mystuff.pivcontroller.Piv.deployToK8s(Piv.java:195)
...
Caused by: java.security.SignatureException: Signature does not match.
at java.base/sun.security.x509.X509CertImpl.verify(X509CertImpl.java:456)
at java.base/sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
at java.base/sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 65 more

Here's the portion of code where the issue is occurring, though I'm assuming it has nothing to do with the code and probably with some sort of Certificate mismatch or there abouts.

ApiClient client = Config.defaultClient();
Configuration.setDefaultApiClient(client);

Yaml.addModelMap("apps/v1", "Deployment", V1Deployment.class);
Yaml.addModelMap("v1", "Service", V1Service.class);

this.log.logDebug("Loading YAML files from disk");
V1Deployment yamlDeployment = (V1Deployment)Yaml.load(pivDeploymentYaml);
V1Service yamlService = (V1Service)Yaml.load(pivServiceYaml);

this.log.logDebug("Creating K8s service");
CoreV1Api coreApi = new CoreV1Api(client);
V1Service resultService = coreApi.createNamespacedService(PivConfig.K8sNamespace, yamlService, null, null, null); // <<<< line 195
this.log.logInfo("Built Service " + resultService.getMetadata().getName());

this.log.logDebug("Creating K8s deployment");
AppsV1Api appsApi = new AppsV1Api(client);
V1Deployment resultDeployment = appsApi.createNamespacedDeployment(PivConfig.K8sNamespace, yamlDeployment, null, null, null);
this.log.logInfo("Built Deployment: " + resultDeployment.getMetadata().getName());

Does anyone have an idea what's happening here? I'd really appreciate any suggestions on how I could debug this issue.

Thanks,

-- Handsome Wayfarer
java
kubernetes
pki

Similar Questions

Error running jenkins pipeline during deployment phase while integrating jenkins with GKE
subdomain per branch/namespace on K8S
unable to launch the kubernetes dashboard
Iteration on range elements of helm chart minus latest

0 Answers