kubectl unable to connect to server: x509: certificate signed by unknown authority










7















i'm getting an error when running kubectl one one machine (windows)



the k8s cluster is running on CentOs 7 kubernetes cluster 1.7
master, worker



Here's my .kubeconfig





apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://10.10.12.7:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: system:node:localhost.localdomain
name: system:node:localhost.localdomain@kubernetes
current-context: system:node:localhost.localdomain@kubernetes
kind: Config
preferences:
users:
- name: system:node:localhost.localdomain
user:
client-certificate-data: REDACTED
client-key-data: REDACTED



the cluster is built using kubeadm with the default certificates on the pki directory



kubectl unable to connect to server: x509: certificate signed by unknown authority










share|improve this question


























    7















    i'm getting an error when running kubectl one one machine (windows)



    the k8s cluster is running on CentOs 7 kubernetes cluster 1.7
    master, worker



    Here's my .kubeconfig





    apiVersion: v1
    clusters:
    - cluster:
    certificate-authority-data: REDACTED
    server: https://10.10.12.7:6443
    name: kubernetes
    contexts:
    - context:
    cluster: kubernetes
    user: system:node:localhost.localdomain
    name: system:node:localhost.localdomain@kubernetes
    current-context: system:node:localhost.localdomain@kubernetes
    kind: Config
    preferences:
    users:
    - name: system:node:localhost.localdomain
    user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED



    the cluster is built using kubeadm with the default certificates on the pki directory



    kubectl unable to connect to server: x509: certificate signed by unknown authority










    share|improve this question
























      7












      7








      7


      1






      i'm getting an error when running kubectl one one machine (windows)



      the k8s cluster is running on CentOs 7 kubernetes cluster 1.7
      master, worker



      Here's my .kubeconfig





      apiVersion: v1
      clusters:
      - cluster:
      certificate-authority-data: REDACTED
      server: https://10.10.12.7:6443
      name: kubernetes
      contexts:
      - context:
      cluster: kubernetes
      user: system:node:localhost.localdomain
      name: system:node:localhost.localdomain@kubernetes
      current-context: system:node:localhost.localdomain@kubernetes
      kind: Config
      preferences:
      users:
      - name: system:node:localhost.localdomain
      user:
      client-certificate-data: REDACTED
      client-key-data: REDACTED



      the cluster is built using kubeadm with the default certificates on the pki directory



      kubectl unable to connect to server: x509: certificate signed by unknown authority










      share|improve this question














      i'm getting an error when running kubectl one one machine (windows)



      the k8s cluster is running on CentOs 7 kubernetes cluster 1.7
      master, worker



      Here's my .kubeconfig





      apiVersion: v1
      clusters:
      - cluster:
      certificate-authority-data: REDACTED
      server: https://10.10.12.7:6443
      name: kubernetes
      contexts:
      - context:
      cluster: kubernetes
      user: system:node:localhost.localdomain
      name: system:node:localhost.localdomain@kubernetes
      current-context: system:node:localhost.localdomain@kubernetes
      kind: Config
      preferences:
      users:
      - name: system:node:localhost.localdomain
      user:
      client-certificate-data: REDACTED
      client-key-data: REDACTED



      the cluster is built using kubeadm with the default certificates on the pki directory



      kubectl unable to connect to server: x509: certificate signed by unknown authority







      ssl kubernetes kubectl






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Sep 15 '17 at 7:42









      bherto39bherto39

      361616




      361616






















          5 Answers
          5






          active

          oldest

          votes


















          2














          I just want to share, sorry I wasn't able to provide this earlier as I just realized this is causing



          so on the master node we're running a kubectl proxy



          kubectl proxy --address 0.0.0.0 --accept-hosts '.*'


          I stopped this and voila the error was gone.



          I'm now able to do




          kubectl get nodes
          NAME STATUS AGE VERSION
          centos-k8s2 Ready 3d v1.7.5
          localhost.localdomain Ready 3d v1.7.5


          I hope this helps those who stumbled upon this scenario






          share|improve this answer






























            2














            Run:



            gcloud container clusters get-credentials standard-cluster-1 --zone us-central1-a --project devops1-218400


            here devops1-218400 is my project name. Replace it with your project name.






            share|improve this answer

























            • This worked for me. Thanks.

              – Rafael R. S. Robles
              Jan 18 at 12:13


















            0














            In case of the error you should export all the kubecfg which contains the certs. kops export kubecfg "your cluster-name and export KOPS_STATE_STORE=s3://"paste your S3 store" .



            Now you should be able to access and see the resources of your cluster.






            share|improve this answer






























              0














              On GCP



              check: gcloud version



              -- localMacOS# gcloud version



              Run:
              --- localMacOS# gcloud container clusters get-credentials 'clusterName' --zone=us-'zoneName'



              Get clusterName and zoneName from your console -- here: https://console.cloud.google.com/kubernetes/list?



              ref: .x509 @market place deployments on GCP #Kubernetes






              share|improve this answer






























                0














                I got the same error while running $ kubectl get nodes as a root user. I fixed it by exporting kubelet.conf to environment variable.



                $ export KUBECONFIG=/etc/kubernetes/kubelet.conf
                $ kubectl get nodes





                share|improve this answer






















                  Your Answer






                  StackExchange.ifUsing("editor", function ()
                  StackExchange.using("externalEditor", function ()
                  StackExchange.using("snippets", function ()
                  StackExchange.snippets.init();
                  );
                  );
                  , "code-snippets");

                  StackExchange.ready(function()
                  var channelOptions =
                  tags: "".split(" "),
                  id: "1"
                  ;
                  initTagRenderer("".split(" "), "".split(" "), channelOptions);

                  StackExchange.using("externalEditor", function()
                  // Have to fire editor after snippets, if snippets enabled
                  if (StackExchange.settings.snippets.snippetsEnabled)
                  StackExchange.using("snippets", function()
                  createEditor();
                  );

                  else
                  createEditor();

                  );

                  function createEditor()
                  StackExchange.prepareEditor(
                  heartbeatType: 'answer',
                  autoActivateHeartbeat: false,
                  convertImagesToLinks: true,
                  noModals: true,
                  showLowRepImageUploadWarning: true,
                  reputationToPostImages: 10,
                  bindNavPrevention: true,
                  postfix: "",
                  imageUploader:
                  brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
                  contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
                  allowUrls: true
                  ,
                  onDemand: true,
                  discardSelector: ".discard-answer"
                  ,immediatelyShowMarkdownHelp:true
                  );



                  );













                  draft saved

                  draft discarded


















                  StackExchange.ready(
                  function ()
                  StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f46234295%2fkubectl-unable-to-connect-to-server-x509-certificate-signed-by-unknown-authori%23new-answer', 'question_page');

                  );

                  Post as a guest















                  Required, but never shown

























                  5 Answers
                  5






                  active

                  oldest

                  votes








                  5 Answers
                  5






                  active

                  oldest

                  votes









                  active

                  oldest

                  votes






                  active

                  oldest

                  votes









                  2














                  I just want to share, sorry I wasn't able to provide this earlier as I just realized this is causing



                  so on the master node we're running a kubectl proxy



                  kubectl proxy --address 0.0.0.0 --accept-hosts '.*'


                  I stopped this and voila the error was gone.



                  I'm now able to do




                  kubectl get nodes
                  NAME STATUS AGE VERSION
                  centos-k8s2 Ready 3d v1.7.5
                  localhost.localdomain Ready 3d v1.7.5


                  I hope this helps those who stumbled upon this scenario






                  share|improve this answer



























                    2














                    I just want to share, sorry I wasn't able to provide this earlier as I just realized this is causing



                    so on the master node we're running a kubectl proxy



                    kubectl proxy --address 0.0.0.0 --accept-hosts '.*'


                    I stopped this and voila the error was gone.



                    I'm now able to do




                    kubectl get nodes
                    NAME STATUS AGE VERSION
                    centos-k8s2 Ready 3d v1.7.5
                    localhost.localdomain Ready 3d v1.7.5


                    I hope this helps those who stumbled upon this scenario






                    share|improve this answer

























                      2












                      2








                      2







                      I just want to share, sorry I wasn't able to provide this earlier as I just realized this is causing



                      so on the master node we're running a kubectl proxy



                      kubectl proxy --address 0.0.0.0 --accept-hosts '.*'


                      I stopped this and voila the error was gone.



                      I'm now able to do




                      kubectl get nodes
                      NAME STATUS AGE VERSION
                      centos-k8s2 Ready 3d v1.7.5
                      localhost.localdomain Ready 3d v1.7.5


                      I hope this helps those who stumbled upon this scenario






                      share|improve this answer













                      I just want to share, sorry I wasn't able to provide this earlier as I just realized this is causing



                      so on the master node we're running a kubectl proxy



                      kubectl proxy --address 0.0.0.0 --accept-hosts '.*'


                      I stopped this and voila the error was gone.



                      I'm now able to do




                      kubectl get nodes
                      NAME STATUS AGE VERSION
                      centos-k8s2 Ready 3d v1.7.5
                      localhost.localdomain Ready 3d v1.7.5


                      I hope this helps those who stumbled upon this scenario







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Sep 15 '17 at 8:21









                      bherto39bherto39

                      361616




                      361616























                          2














                          Run:



                          gcloud container clusters get-credentials standard-cluster-1 --zone us-central1-a --project devops1-218400


                          here devops1-218400 is my project name. Replace it with your project name.






                          share|improve this answer

























                          • This worked for me. Thanks.

                            – Rafael R. S. Robles
                            Jan 18 at 12:13















                          2














                          Run:



                          gcloud container clusters get-credentials standard-cluster-1 --zone us-central1-a --project devops1-218400


                          here devops1-218400 is my project name. Replace it with your project name.






                          share|improve this answer

























                          • This worked for me. Thanks.

                            – Rafael R. S. Robles
                            Jan 18 at 12:13













                          2












                          2








                          2







                          Run:



                          gcloud container clusters get-credentials standard-cluster-1 --zone us-central1-a --project devops1-218400


                          here devops1-218400 is my project name. Replace it with your project name.






                          share|improve this answer















                          Run:



                          gcloud container clusters get-credentials standard-cluster-1 --zone us-central1-a --project devops1-218400


                          here devops1-218400 is my project name. Replace it with your project name.







                          share|improve this answer














                          share|improve this answer



                          share|improve this answer








                          edited Nov 14 '18 at 1:57









                          Stephen Rauch

                          28.4k153557




                          28.4k153557










                          answered Nov 14 '18 at 1:38









                          stalinstalin

                          213




                          213












                          • This worked for me. Thanks.

                            – Rafael R. S. Robles
                            Jan 18 at 12:13

















                          • This worked for me. Thanks.

                            – Rafael R. S. Robles
                            Jan 18 at 12:13
















                          This worked for me. Thanks.

                          – Rafael R. S. Robles
                          Jan 18 at 12:13





                          This worked for me. Thanks.

                          – Rafael R. S. Robles
                          Jan 18 at 12:13











                          0














                          In case of the error you should export all the kubecfg which contains the certs. kops export kubecfg "your cluster-name and export KOPS_STATE_STORE=s3://"paste your S3 store" .



                          Now you should be able to access and see the resources of your cluster.






                          share|improve this answer



























                            0














                            In case of the error you should export all the kubecfg which contains the certs. kops export kubecfg "your cluster-name and export KOPS_STATE_STORE=s3://"paste your S3 store" .



                            Now you should be able to access and see the resources of your cluster.






                            share|improve this answer

























                              0












                              0








                              0







                              In case of the error you should export all the kubecfg which contains the certs. kops export kubecfg "your cluster-name and export KOPS_STATE_STORE=s3://"paste your S3 store" .



                              Now you should be able to access and see the resources of your cluster.






                              share|improve this answer













                              In case of the error you should export all the kubecfg which contains the certs. kops export kubecfg "your cluster-name and export KOPS_STATE_STORE=s3://"paste your S3 store" .



                              Now you should be able to access and see the resources of your cluster.







                              share|improve this answer












                              share|improve this answer



                              share|improve this answer










                              answered Mar 14 '18 at 15:15









                              JohnBegoodJohnBegood

                              314




                              314





















                                  0














                                  On GCP



                                  check: gcloud version



                                  -- localMacOS# gcloud version



                                  Run:
                                  --- localMacOS# gcloud container clusters get-credentials 'clusterName' --zone=us-'zoneName'



                                  Get clusterName and zoneName from your console -- here: https://console.cloud.google.com/kubernetes/list?



                                  ref: .x509 @market place deployments on GCP #Kubernetes






                                  share|improve this answer



























                                    0














                                    On GCP



                                    check: gcloud version



                                    -- localMacOS# gcloud version



                                    Run:
                                    --- localMacOS# gcloud container clusters get-credentials 'clusterName' --zone=us-'zoneName'



                                    Get clusterName and zoneName from your console -- here: https://console.cloud.google.com/kubernetes/list?



                                    ref: .x509 @market place deployments on GCP #Kubernetes






                                    share|improve this answer

























                                      0












                                      0








                                      0







                                      On GCP



                                      check: gcloud version



                                      -- localMacOS# gcloud version



                                      Run:
                                      --- localMacOS# gcloud container clusters get-credentials 'clusterName' --zone=us-'zoneName'



                                      Get clusterName and zoneName from your console -- here: https://console.cloud.google.com/kubernetes/list?



                                      ref: .x509 @market place deployments on GCP #Kubernetes






                                      share|improve this answer













                                      On GCP



                                      check: gcloud version



                                      -- localMacOS# gcloud version



                                      Run:
                                      --- localMacOS# gcloud container clusters get-credentials 'clusterName' --zone=us-'zoneName'



                                      Get clusterName and zoneName from your console -- here: https://console.cloud.google.com/kubernetes/list?



                                      ref: .x509 @market place deployments on GCP #Kubernetes







                                      share|improve this answer












                                      share|improve this answer



                                      share|improve this answer










                                      answered Sep 22 '18 at 13:30









                                      Michael WileyMichael Wiley

                                      1




                                      1





















                                          0














                                          I got the same error while running $ kubectl get nodes as a root user. I fixed it by exporting kubelet.conf to environment variable.



                                          $ export KUBECONFIG=/etc/kubernetes/kubelet.conf
                                          $ kubectl get nodes





                                          share|improve this answer



























                                            0














                                            I got the same error while running $ kubectl get nodes as a root user. I fixed it by exporting kubelet.conf to environment variable.



                                            $ export KUBECONFIG=/etc/kubernetes/kubelet.conf
                                            $ kubectl get nodes





                                            share|improve this answer

























                                              0












                                              0








                                              0







                                              I got the same error while running $ kubectl get nodes as a root user. I fixed it by exporting kubelet.conf to environment variable.



                                              $ export KUBECONFIG=/etc/kubernetes/kubelet.conf
                                              $ kubectl get nodes





                                              share|improve this answer













                                              I got the same error while running $ kubectl get nodes as a root user. I fixed it by exporting kubelet.conf to environment variable.



                                              $ export KUBECONFIG=/etc/kubernetes/kubelet.conf
                                              $ kubectl get nodes






                                              share|improve this answer












                                              share|improve this answer



                                              share|improve this answer










                                              answered Nov 15 '18 at 14:21









                                              Lukasz DynowskiLukasz Dynowski

                                              1,6541835




                                              1,6541835



























                                                  draft saved

                                                  draft discarded
















































                                                  Thanks for contributing an answer to Stack Overflow!


                                                  • Please be sure to answer the question. Provide details and share your research!

                                                  But avoid


                                                  • Asking for help, clarification, or responding to other answers.

                                                  • Making statements based on opinion; back them up with references or personal experience.

                                                  To learn more, see our tips on writing great answers.




                                                  draft saved


                                                  draft discarded














                                                  StackExchange.ready(
                                                  function ()
                                                  StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f46234295%2fkubectl-unable-to-connect-to-server-x509-certificate-signed-by-unknown-authori%23new-answer', 'question_page');

                                                  );

                                                  Post as a guest















                                                  Required, but never shown





















































                                                  Required, but never shown














                                                  Required, but never shown












                                                  Required, but never shown







                                                  Required, but never shown

































                                                  Required, but never shown














                                                  Required, but never shown












                                                  Required, but never shown







                                                  Required, but never shown







                                                  Popular posts from this blog

                                                  Top Tejano songwriter Luis Silva dead of heart attack at 64

                                                  政党

                                                  天津地下鉄3号線