Kubernetes authentication with certificate

0 votes

I’m trying to authenticate with a locally hosted kubernetes cluster using a certificate.

These are the steps I’m doing

  1. Convert the client certificate to PKCS:
     $ sudo openssl pkcs12 -export -out kubernetes.pfx -inkey /etc/kubernetes/pki/apiserver.key -in /etc/kubernetes/pki/apiserver.crt -certfile /etc/kubernetes/pki/ca.crt -passout pass:jenkins
  2. In Jenkins, create credentials using a certificate
    1. Kind: Certificate
    2. Certificate: Upload PKCS#12 certificate and upload file kubernetes.pfx
    3. Password: jenkins (as specified during certificate creation)
  3. Manage Jenkins -> Add new cloud -> Kubernetes
    1. Kubernetes URL: https://10.179.1.121:6443 (as output by kubectl config view)
    2. Kubernetes server certificate key: paste the contents of /etc/kubernetes/pki/ca.crt.
    3. Disable https certificate check: checked because the test setup does not have a signed certificate
    4. Kubernetes Namespace: tried both default and kubernetes-plugin
    5. Credentials: CN=kube-apiserver (i.e. the credentials created above)

Now when I click on Test Connection, this is the error message shown in the Jenkins Web UI:

Error connecting to https://10.179.1.121:6443: Failure executing: GET at: https://10.179.1.121:6443/api/v1/namespaces/kubernetes-plugin/pods. Message: Unauthorized.

The Jenkins logs show this message:

Sep 05, 2017 10:22:03 AM io.fabric8.kubernetes.client.Config tryServiceAccount

WARNING: Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring.

What's the issue?

Aug 27, 2018 in Docker by lina
• 8,220 points
2,825 views

1 answer to this question.

0 votes

The Jenkins error log warning message indicates that the key used to encrypt ServiceAccount tokens is different in kube-apiserver (--service-account-key-file) and kube-controller-manager (--service-account-private-key-file). If your kube-apiserver command-line doesn't specify --service-account-key-file then the value of --tls-private-key-file is used.

It's always better to explicitly set kube-apiserver --service-account-key-file to match the kube-controller-manager --service-account-private-key-file value.


answered Aug 27, 2018 by Kalgi
• 52,350 points
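
The key comparison the answer above recommends, as an added example that is not part of the original answer: it reads the three flags the answer names from the two component command lines and compares the public keys behind them with openssl. The function names are hypothetical, and flags are assumed to be written as `--flag=value`.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes flags are written as
# --flag=value, as in static pod manifests, and that openssl is installed.

# Print every value given for flag $1 in command line $2; fail if the flag is absent.
flag_values() (
  set -f                                  # split on whitespace without globbing
  found=1
  for arg in $2; do
    case "$arg" in
      "$1"=*) printf '%s\n' "${arg#*=}"; found=0 ;;
    esac
  done
  exit "$found"
)

# Print the PEM public key of a file holding a private key or a public key.
pubkey_of() (
  openssl pkey -in "$1" -pubout 2>/dev/null ||
    openssl pkey -pubin -in "$1" -pubout 2>/dev/null
)

# $1: kube-apiserver command line, $2: kube-controller-manager command line.
# Exit 0: the apiserver verifies tokens with the controller-manager's signing key.
# Exit 1: no verification key matches. Exit 2: a flag or key file could not be read.
sa_keys_match() (
  set -f
  # The answer's fallback: without --service-account-key-file the apiserver
  # uses the key from --tls-private-key-file.
  verify_files=$(flag_values --service-account-key-file "$1") ||
    verify_files=$(flag_values --tls-private-key-file "$1") || exit 2
  sign_file=$(flag_values --service-account-private-key-file "$2") || exit 2
  sign_pub=$(pubkey_of "$sign_file") || exit 2
  # --service-account-key-file may be repeated; any one matching key is enough.
  for f in $verify_files; do
    if [ "$(pubkey_of "$f")" = "$sign_pub" ]; then exit 0; fi
  done
  exit 1
)
```

Call `sa_keys_match` with the two command lines as reported by `ps`, or with the text of the two component manifests, and run it as a user that can read the key files.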
