click icon indicating copy to clipboard operation
click copied to clipboard
verified publisher icon databricks

Configuration error?

Open zmsp opened this issue 7 years ago • 4 comments

Hello, all the commends return invalid certificate error. Would appreciate if you point out what I am missing. I am able to run all the Kubectl commands via the ~/.kube/config. Thanks.

[admin-cluster.local] [default] [none] > nodes
Hyper error: invalid certificate: InvalidReferenceNam

zmsp avatar Mar 27 '18 22:03 zmsp

Hrmm, seems like your certificate might be a bit odd. The WebPKI crate we use is very strict (I'd actually like to have it be less strict).

Do you have access to the public cert your apiserver is using for tls? If so, could you paste the output of openssl x509 -in [the-cert] -text -noout, but only the X509v3 extensions part (no need to make your cert more public).

If not, I can give you a bit more complex a set of commands to figure out what cert it's using.

nicklan avatar Mar 28 '18 03:03 nicklan 

X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, DNS:node1, DNS:node2, IP Address:192.168.1.240, IP Address:192.168.1.240, IP Address:192.168.1.241, IP Address:192.168.1.241, IP Address:10.233.0.1, IP Address:127.0.0.1

CarstonSchilds avatar Mar 28 '18 05:03 CarstonSchilds

I have same issue. My openssl output is:

X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
            X509v3 Authority Key Identifier:

            X509v3 Subject Alternative Name:
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster, DNS:kubernetes.default.svc.cluster.local, IP Address:127.0.0.1, IP Address:192.168.2.31, IP Address:192.168.2.31, IP Address:10.68.0.1

ogre0403 avatar Mar 29 '18 09:03 ogre0403

Same issue here. Running click at the master node, using the default /root/.kube/config created when Kubernetes was installed by Kubespray.

[none] [none] [none] > context admin-cluster.local
[admin-cluster.local] [none] [none] > pods
Hyper error: invalid certificate: InvalidReferenceName
[admin-cluster.local] [none] [none] >

The same config works fine with kubectl.

$ kubectl get pods
NAME                                    READY     STATUS    RESTARTS   AGE
networker-deployment-75676fc5f5-jl9s8   1/1       Running   0          3d
stresscpu-769f4d99d6-mk8tp              1/1       Running   0          1d
stressmem-6d798d8884-m927w              1/1       Running   2          1d

juliohm1978 avatar Mar 30 '18 15:03 juliohm1978