
kubectl TLS certificate error when connecting to an external k8s cluster

Reposting is welcome, but please credit the original source [blog.chaosjohn.com] at the beginning or end.

The error is as follows:

$ kubectl get po -A
E1001 23:16:16.888813 15102 memcache.go:265] couldn't get current server API group list: Get "https://ubuntu-w510.local:16443/api?timeout=32s": tls: failed to verify certificate: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster, kubernetes.default.svc.cluster.local, not ubuntu-w510.local

Two Stack Overflow questions, "kubectl unable to connect to server: x509: certificate signed by unknown authority" and "helm: x509: certificate signed by unknown authority", describe the following approaches:

# save the -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- block from the openssl output to ~/.kube/myCert.crt
$ openssl s_client -showcerts -connect IP:PORT

# replace the `certificate-authority-data` line with `certificate-authority: myCert.crt`

$ kubectl --insecure-skip-tls-verify ...

$ cat ~/.kube/insecure-skip-tls-verify.sample.yaml
clusters:
- cluster:
    server: https://cluster.mysite.com
    # turns off verification of the API server certificate for this cluster
    insecure-skip-tls-verify: true
  name: default
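The error at the top of this post is a host name mismatch rather than an unknown authority, and kubectl can handle that without turning verification off. The script below is an added example, not code from the original post: it reads the x509 message and prints a `kubectl config set-cluster` command that keeps verification on. The sample line is trimmed from the post's error, and the cluster entry name `default` and `PATH_TO_CLUSTER_CA` are placeholders.

```shell
#!/bin/sh
# Constructed sample: the x509 part of the error line shown in the post.
SAMPLE_ERR='tls: failed to verify certificate: x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster, kubernetes.default.svc.cluster.local, not ubuntu-w510.local'

# Names the server certificate covers, one per line.
cert_names() {
    printf '%s\n' "$1" |
        sed -n 's/.*x509: certificate is valid for \(.*\), not [^ ,]*$/\1/p' |
        tr ',' '\n' | sed 's/^ *//'
}

# Host name kubectl dialled, which the certificate does not cover.
dialled_host() {
    printf '%s\n' "$1" |
        sed -n 's/.*x509: certificate is valid for .*, not \([^ ,]*\)$/\1/p'
}

# Print a kubeconfig change that keeps certificate verification on.
# $1 = error line, $2 = cluster entry name in the kubeconfig (placeholder).
suggest_fix() {
    case "$1" in
    *"x509: certificate is valid for "*)
        # Name mismatch: keep dialling the external host name, but verify
        # the certificate against a name it actually contains.
        name=$(cert_names "$1" | head -n 1)
        [ -n "$name" ] || return 1
        echo "kubectl config set-cluster $2 --tls-server-name=$name" ;;
    *"x509: certificate signed by unknown authority"*)
        # Untrusted issuer: point the entry at the cluster CA (placeholder path).
        echo "kubectl config set-cluster $2 --certificate-authority=PATH_TO_CLUSTER_CA" ;;
    *)
        echo "unrecognised TLS error" >&2
        return 1 ;;
    esac
}

# Demo on the constructed sample.
suggest_fix "$SAMPLE_ERR" default
```

With `tls-server-name` set, kubectl still checks the certificate chain against the CA in the kubeconfig; only the name it expects in the certificate changes.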
