Error in apiserver: 'certificate signed by unknown authority'.

[ghost]

I followed the instruction (copied & pasted rootCA.crt in hook.yaml). After creating the test deployment, the POD test is not created. The error in the apiserver pod’s log indicates an invalid certificate (certificate signed by unknown authority). As a result K8s apiserver fails to create the POD ‘test’ (expected failurePolicy: Fail).

kubectl logs -n kube-system kube-apiserver-localhost.localdomain -f … dispatcher.go:72] Failed calling webhook, failing closed webhook-service.default.svc: failed calling admission webhook “webhook-service.default.svc”: Post https://webhook-service.default.svc:443/mutate?timeout=30s: x509: certificate signed by unknown authority

[scott2449]

Did you notice this bit of the post:

make sure to cut and paste that into the caBundle field of hook.yaml

This is referring to moving the generated output from the docker file to the Kubernetes resource yamls before applying them (or you can reapply)