Unable to connect to the server: x509: certificate is valid for control-plane, not my_domain.com

9/29/2021

I am trying to give user access to Kubernetes using X.509 Client Certificate

I am using(subjectAltName= my_domain.com):

openssl req -new -newkey rsa:4096 -nodes -keyout Bob.key -out Bob.csr -subj "/C=DK/ST=Frb/L=Cph/O=engineering/CN=Bob" -addext "subjectAltName = DNS:my_domain.com"

kube/config:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <..Q0FURS0tLS0tCk..>
    server: https://my_domain.com:<port>
  name: bob
contexts:
- context:
    cluster: bob
    user: Bob
  name: bob
current-context: bob
kind: Config
preferences: {}
users:
- name: Bob
  user:
    client-certificate: /home/cred/Bob.crt
    client-key: /home/cred/Bob.key

Error:

Unable to connect to the server: x509: certificate is valid for control-plane,... not my_domain.com

Do you know how to make this work behind domain, where the local k8s server ip address is mapped?

-- Chris G.
kubeconfig
kubectl
kubernetes
openssl

1 Answer

10/1/2021

As mentioned by Anant Swaraj, the solution is here question You need to add subjectAltName to the kubeadm-config and restart kube-apiserver

-- Chris G.
Source: StackOverflow