Unable to connect to the server: x509: certificate is valid for
OS: Mac OS 10.13.6 Terminal
Kubectl for remote access
When I execute the command with "--insecure-skip-tls-verify", it works fine.
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get pods
No resources found.
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get nodes
NAME STATUS ROLES AGE VERSION
balab29123.mylabserver.com NotReady <none> 4h v1.10.2
balab29124.mylabserver.com NotReady <none> 4h v1.10.2
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
But I am unable to access the cluster using the commands below, and I am stuck.
dev-env at balabimac in ~/kthw
$ kubectl config use-context kubernetes-me
Switched to context "kubernetes-me".
dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
$ kubectl get nodes
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
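The solution is to give the kubelet a serving certificate signed by the --kubelet-certificate-authority [1]. If the kubelet is not given a serving certificate, it currently generates a self-signed one.
[1] https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/#requesting-a-certificate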
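It looks like when you generated the Kubernetes API server certificate, you entered 127.0.0.1.localhost instead of 127.0.0.1,localhost. It is just a small typo, but the result is that the certificate is not properly signed for localhost, which will cause this error when you try to connect. Regenerate the Kube API server certificate with the correct values. Then copy the certificate files to your control nodes and put the files in the correct locations, replacing the old files.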
dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, **127.0.0.1.localhost**, kubernetes.default, not localhost