I’m trying to authenticate with a locally hosted Kubernetes cluster using a certificate.
These are the steps I’m doing:
- Convert the client certificate to PKCS:
  $ sudo openssl pkcs12 -export -out kubernetes.pfx -inkey /etc/kubernetes/pki/apiserver.key -in /etc/kubernetes/pki/apiserver.crt -certfile /etc/kubernetes/pki/ca.crt -passout pass:jenkins
- In Jenkins, create credentials using a certificate
  - Kind: Certificate
  - Certificate: Upload PKCS#12 certificate and upload file kubernetes.pfx
  - Password: jenkins (as specified during certificate creation)
- Manage Jenkins -> Add new cloud -> Kubernetes
  - Kubernetes URL: https://10.179.1.121:6443 (as output by kubectl config view)
  - Kubernetes server certificate key: paste the contents of /etc/kubernetes/pki/ca.crt.
  - Disable https certificate check: checked because the test setup does not have a signed certificate
  - Kubernetes Namespace: tried both default and kubernetes-plugin
  - Credentials: CN=kube-apiserver (i.e. the credentials created above)
Now when I click on Test Connection, this is the error message shown in the Jenkins Web UI:
Error connecting to https://10.179.1.121:6443: Failure executing: GET at: https://10.179.1.121:6443/api/v1/namespaces/kubernetes-plugin/pods. Message: Unauthorized.
The Jenkins logs show this message:
Sep 05, 2017 10:22:03 AM io.fabric8.kubernetes.client.Config tryServiceAccount
WARNING: Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring.
What's the issue?
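
A pre-export check for the PKCS#12 step in the question, added here as an example and not part of the original post: it prints the subject and issuer of a certificate and exports it as a client credential only if its Extended Key Usage lists TLS client authentication. The function names, file names and CNs are assumptions made for the demo, and the two certificates are constructed throwaway ones, not the cluster's files.

```bash
#!/bin/sh
# Added example. All file names and CNs below are constructed for the demo.

# Create a throwaway self-signed certificate.
# $1 = path prefix, $2 = CN, $3 = extendedKeyUsage value
make_sample_cert() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' \
        'prompt=no' '[dn]' "CN=$2" '[ext]' "extendedKeyUsage=$3" > "$1.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Print subject and issuer, then succeed only if the Extended Key Usage lists
# TLS client authentication. A certificate with no EKU extension is also
# reported as unsuitable, which is stricter than RFC 5280 requires.
cert_allows_client_auth() {
    openssl x509 -in "$1" -noout -subject -issuer
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'X509v3 Extended Key Usage' \
        | grep -q 'TLS Web Client Authentication'
}

# Export a PKCS#12 bundle only for a client-auth certificate.
# $1 = cert, $2 = key, $3 = output .pfx, $4 = file holding the export password
# (read with -passout file: so the password is not on the command line).
export_client_pkcs12() {
    if ! cert_allows_client_auth "$1" >/dev/null; then
        echo "refusing to export $1: not a client-auth certificate" >&2
        return 1
    fi
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "file:$4"
}

# Demo on the two constructed certificates.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/server" kube-apiserver serverAuth
make_sample_cert "$demo_dir/client" jenkins-agent clientAuth
for name in server client; do
    if cert_allows_client_auth "$demo_dir/$name.crt"; then
        echo "$name: usable as a client credential"
    else
        echo "$name: not a client-auth certificate"
    fi
done
```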