Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Kubectl for Remote Access

When I execute the command with "--insecure-skip-tls-verify" it works fine.

dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get pods
No resources found.
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me get nodes
NAME                        STATUS     ROLES    AGE   VERSION
balab29123.mylabserver.com   NotReady   <none>   4h    v1.10.2
balab29124.mylabserver.com   NotReady   <none>   4h    v1.10.2
dev-env at balabimac in ~/kthw
$ kubectl --insecure-skip-tls-verify --context=kubernetes-me version
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.0", GitCommit:"0ed33881dc4355495f623c6f22e7dd0b7632b7c0", GitTreeState:"clean", BuildDate:"2018-09-28T15:20:58Z", GoVersion:"go1.11", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.2", GitCommit:"81753b10df112992bf51bbc2c2f85208aad78335", GitTreeState:"clean", BuildDate:"2018-04-27T09:10:24Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
But I am unable to access using the below command, I am stuck.
dev-env at balabimac in ~/kthw
$ kubectl config use-context kubernetes-me
Switched to context "kubernetes-me".
dev-env at balabimac in ~/kthw
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
$ kubectl get nodes
Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, 127.0.0.1.localhost, kubernetes.default, not localhost
dev-env at balabimac in ~/kthw
                is this an actual GKE cluster? where did you get the Kube-configs from? Check for the expiry dates on you cluster's certificates, it might be that the certificates are expired or your machine don't trust them (for self-signed/local cluster setups). Other than that I've seen this problem with the time on the cluster machines not being in sync
– andriosr
                Oct 21, 2018 at 12:25
                cool, so basically the certificate you issued to use in the apiserver is not trusted by your local machine. Just add it as a trusted cert in you machine and it should work.
– andriosr
                Oct 22, 2018 at 17:25
It looks like when you generated the kubernetes API server certificate, you put 127.0.0.1.localhost instead of 127.0.0.1,localhost . Just a small typo, but as a result the cert is not properly signed for localhost, which will lead to this error when you are trying to connect. Re-generate the Kube API server cert with the correct values. Then copy the cert files to your control nodes and put the files in the correct place, replacing the old files.
dev-env at balabimac in ~/kthw 
$ kubectl get pods Unable to connect to the server: x509: certificate is valid for balab29121.mylabserver.com, balab29122.mylabserver.com, balab29126.mylabserver.com, **127.0.0.1.localhost**, kubernetes.default, not localhost
The solution is to give the kubelet a serving certificate signed by the --kubelet-certificate-authority [1]. If the kubelet is not given a serving certificate, it currently generates a self-signed one.
[1]https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/#requesting-a-certificate
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.