lens
lens copied to clipboard
Connection problem to self-signed tls certificates still present
Describe the bug I am trying to connect to a kubernetes hosted on our office ESXi-Server. Local kubectl works fine there, but trying to connect from my workstation Lens stucks as the CA/Cert for kubernetes is self signed.
I have been trying to modify kube-config:
apiVersion: v1
clusters:
- cluster:
insecure-skip-tls-verify: true
certificate-authority-data: {PRIVATE}
Now the error in Lens has changed as follows:
error: specifying a root certificates file with the insecure flag is not allowed
I think this is misbehaving. I know that my CA/Cert is self-signed and I want to override this warning.
Trying the same without insecure-skip-tls-verify: true
the Lens error is as follows:
E0427 12:19:27.284567 88962 proxy_server.go:147] Error while proxying request: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Trying to connect with renaming certificate-authority-data
with prefix '__' works! But this leads to user-confusion having to know that.
Comparing this to CLI kubectl, there it works fine!
$> kubectl --insecure-skip-tls-verify get pods
Expected behavior
I think it should be valid to have the certificate-authority-data
present in combination with insecure-skip-tls-verify: true
so it should connect!
Environment (please complete the following information):
- Lens Version: 5.4.6-latest
- OS: OSX
What version of kubectl are you using on the command line?
I have the same problem.
same
same
I have a home lap k8s cluster and I am having the same issue, I usually connect to it by running kubectl --insecure-skip-tls-verify
but I dont know how to connect using Lens
remove the certificate-authority-data
works for me
![image](https://user-images.githubusercontent.com/10279583/190940212-932350e6-d3e4-4301-9d6f-398f04b8755d.png)
Removing the certificate is the correct thing to do. This requirement come from client-go itself. If you need to use the flag with kubectl then having the certificate in your kubeconfig is useless anyway.