kubernetes-tutorial
kubernetes-tutorial copied to clipboard
redhat-scholars
error doing tutorial "certificate apiserver-kubelet-client not signed by CA certificate"
error execution phase certs/apiserver-kubelet-client: [certs] certificate apiserver-kubelet-client not signed by CA certificate ca: crypto/rsa: verification error
To see the stack trace of this error execute with --v=5 or higher
On Windows 11,
- ran Docker Desktop in Admin mode
- opened a windows terminal in administrator mode.
- ran wsl
- installed minikube for windows
- in wsl terminal minikube start --memory=2200mb --cpus=3 --kubernetes-version=v1.18.6 --vm-driver=docker -p devnation
I get the above error. Logs attached.
minikube starts only if I do
/mnt/c/kubernetes-tutorial$ minikube start driver=docker
I see one error of "Your cgroup does not allow setting memory." It could be that on WSL that memory is equal to that of the Docker Daemon and that is how it is set. See if "-p" for profile will work. -p is optional. --kubernetes-version is not required to run the tutorial, the lastest version should normally work aside from the occasional aging out of a specific version string in a .yaml (I upgraded the ingress yaml recently).
Thanks. I tried again with -p devnation
🏃 Updating the running docker "devnation" container ... 😿 Failed to start docker container. Running "minikube delete -p devnation" may fix it: provision: Temporary Error: NewSession: new client: new client: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
After the delete,
:/mnt/c/kubernetes-tutorial$ minikube start driver=docker -p devnation 😄 [devnation] minikube v1.25.2 on Ubuntu 20.04 (amd64) ✨ Using the docker driver based on user configuration 👍 Starting control plane node devnation in cluster devnation 🚜 Pulling base image ... 💾 Downloading Kubernetes v1.23.3 preload ... > preloaded-images-k8s-v17-v1...: 505.68 MiB / 505.68 MiB 100.00% 11.37 Mi 🔥 Creating docker container (CPUs=2, Memory=2200MB) ... 🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ... ▪ kubelet.housekeeping-interval=5m ▪ Generating certificates and keys ... ▪ Booting up control plane ... ▪ Configuring RBAC rules ... 🔎 Verifying Kubernetes components... ▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5 🌟 Enabled addons: default-storageclass, storage-provisioner 🏄 Done! kubectl is now configured to use "devnation" cluster and "default" namespace by default
Trying to create an ingress (following the tutorial since external ip address was in pending state), I get a certificate error. following https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/
error execution phase certs/apiserver-kubelet-client: [certs] certificate apiserver-kubelet-client not signed by CA certificate ca: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "minikubeCA")
logs are attached. error-log2.txt
I tried again but got this error
/mnt/c/kubernetes-tutorial$ minikube addons enable ingress
▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.1.1
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
🔎 Verifying ingress addon...
❌ Exiting due to MK_ADDON_ENABLE: run callbacks: running callbacks: [sudo KUBECONFIG=/var/lib/minikube/kubeconfig /var/lib/minikube/binaries/v1.23.3/kubectl apply -f /etc/kubernetes/addons/ingress-deploy.yaml: Process exited with status 1
stdout:
stderr:
The connection to the server localhost:8443 was refused - did you specify the right host or port?
waiting for app.kubernetes.io/name=ingress-nginx pods: timed out waiting for the condition]
When I do a minikube delete and then minikube start without specifying -p devnation or driver=docker, then it works. I don't understand it.
/mnt/c/kubernetes-tutorial$ minikube start
😄 minikube v1.25.2 on Ubuntu 20.04 (amd64)
✨ Using the docker driver based on user configuration
👍 Starting control plane node minikube in cluster minikube
🚜 Pulling base image ...
🔥 Creating docker container (CPUs=2, Memory=2200MB) ...
🐳 Preparing Kubernetes v1.23.3 on Docker 20.10.12 ...
▪ kubelet.housekeeping-interval=5m
▪ Generating certificates and keys ...
▪ Booting up control plane ...
▪ Configuring RBAC rules ...
🔎 Verifying Kubernetes components...
▪ Using image gcr.io/k8s-minikube/storage-provisioner:v5
🌟 Enabled addons: storage-provisioner, default-storageclass
🏄 Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
me@DESKTOP:/mnt/c/kubernetes-tutorial$ minikube addons enable ingress
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
▪ Using image k8s.gcr.io/ingress-nginx/controller:v1.1.1
▪ Using image k8s.gcr.io/ingress-nginx/kube-webhook-certgen:v1.1.1
🔎 Verifying ingress addon...
🌟 The 'ingress' addon is enabled
One tricky thing is that we are able to test these materials on Mac and Linux fairly often but we have very few Windows machines to test with.
One tricky thing is that we are able to test these materials on Mac and Linux fairly often but we have very few Windows machines to test with.
I can volunteer to run tests on my machine :) It is likely that most people running your tutorials to learn Kubernetes, are on Windows machines.