kube-forwarder

Unable to get issuer certificate with self-signed certificate clusters

Open ddcruver opened this issue 5 years ago • 1 comments

I am trying to connect to a Kubernetes cluster that has a self-signed certificate that has no issuer.

I am getting this error when trying to add clusters and play/pause port forwarding: kube-forwarder-error

The kubectl command has accepted my use of a self-signed certificate, and I would like to see this application allow this as well.

Workaround: Set config property insecure-skip-tls-verify: true in .kube/config.

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    insecure-skip-tls-verify: true
    server: https://node01.docker.example.com:6443
  name: default-cluster
contexts:
- context:
    cluster: default-cluster
    namespace: NAMESPACE
    user: default-admin
  name: default-system
current-context: default-system
kind: Config
preferences: {}
users:
- name: default-admin
  user:
    client-certificate: PATH_TO_CERTIFICATE
    client-key: PATH_TO_KEY

kubernetes-port-forwarder starts to work but when I execute any kubectl commands I get the following error:

error: specifying a root certificates file with the insecure flag is not allowed

I can resolve this issue by removing my certificate-authority-data, but I believe ultimately that even though I have a self-signed certificate there is some security in allowing kubectl to verify that the certificate has not changed.

ddcruver, Nov 05 '19 19:11
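
An added example, not part of the original issue or of the kube-forwarder code base: a small Node.js check that flags the kubeconfig states described in the post above (CA data combined with `insecure-skip-tls-verify`, verification disabled outright, and a TLS endpoint with no CA pinned). The function name, finding codes and sample object are assumptions made for this illustration; the input is the object form of `kubectl config view --raw -o json`.

```javascript
// Added example: lint cluster TLS settings in a parsed kubeconfig
// (object form of `kubectl config view --raw -o json`).
function lintClusterTls(kubeconfig) {
  const findings = [];
  for (const entry of kubeconfig.clusters || []) {
    const c = entry.cluster || {};
    const skip = c['insecure-skip-tls-verify'] === true;
    const hasCa = Boolean(c['certificate-authority'] || c['certificate-authority-data']);
    const isHttps = typeof c.server === 'string' && c.server.startsWith('https://');
    if (skip && hasCa) {
      // The combination from the workaround: kubectl refuses it outright.
      findings.push({ cluster: entry.name, code: 'CA_WITH_INSECURE',
        message: 'CA data and insecure-skip-tls-verify are both set; kubectl rejects this' });
    } else if (skip) {
      // Server certificate is never checked, so a changed certificate goes unnoticed.
      findings.push({ cluster: entry.name, code: 'TLS_VERIFY_DISABLED',
        message: 'server certificate is not verified' });
    } else if (isHttps && !hasCa) {
      // Nothing pinned: a self-signed server certificate will fail verification.
      findings.push({ cluster: entry.name, code: 'NO_CA_PINNED',
        message: 'no certificate-authority configured for a TLS endpoint' });
    }
  }
  return findings;
}

// Constructed sample mirroring the kubeconfig posted in this issue.
function sampleConfig(clusterOverrides) {
  const cluster = Object.assign({
    'certificate-authority-data': 'DATA+OMITTED',
    'insecure-skip-tls-verify': true,
    server: 'https://node01.docker.example.com:6443',
  }, clusterOverrides);
  // Drop keys explicitly set to undefined so "removed" fields are really absent.
  for (const k of Object.keys(cluster)) if (cluster[k] === undefined) delete cluster[k];
  return { apiVersion: 'v1', kind: 'Config', clusters: [{ name: 'default-cluster', cluster }] };
}

const asPosted = lintClusterTls(sampleConfig({}));
const caRemoved = lintClusterTls(sampleConfig({ 'certificate-authority-data': undefined }));
const caPinned = lintClusterTls(sampleConfig({ 'insecure-skip-tls-verify': undefined }));
console.log({ asPosted, caRemoved, caPinned });
```

Only the `caPinned` variant, with the self-signed certificate kept as CA data and the insecure flag removed, produces no findings.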

face the same issue

zephyrpathsofglory, Aug 30 '21 09:08