Error saying "Unable to connect to the server: x509: certificate signed by unknown authority"

0 votes

I am using kube-aws to v0.9.4-rc2

After successfully do kube-aws up --s3-uri s3://.., I tried to get the nodes with kubectl get nodes, and that's when I get this error:

$kubectl get nodes
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kube-ca")

In the kubeconfig file, there is a line describing the certificate authority:

apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority: credentials/ca.pem

Where am I going wrong?

Oct 4, 2018 in Kubernetes by lina
• 8,100 points
3,469 views

5 answers to this question.

0 votes

I think you're credentials were not generated correctly and so the apiserver certi was signed with a wrong ca cert. Delete the credentials directory, then destroy the cluster and bring it up. I think this should work.

answered Oct 4, 2018 by Kalgi
• 39,170 points
0 votes

Try this, it might help:

kops export kubecfg --name $CLUSTER_NAME
answered Apr 23 by Bob
0 votes

Make sure you execute these commands every time you recreate a cluster:

  mkdir -p $HOME/.kube
  sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  sudo chown $(id -u):$(id -g) $HOME/.kube/config
answered Apr 23 by Kishore
0 votes

Append kubectl get all command with --insecure-skip-tls-verify=true

This did the trick for me! Not sure about the logic behind it though.

answered Apr 23 by Joshua
+1 vote
export KUBECONFIG=/etc/kubernetes/admin.conf
answered Jul 26 by aneesh ansari

Related Questions In Kubernetes

0 votes
2 answers

Error saying “Error from server (NotFound): the server could not find the requested resource”

official Documentation says: A client should be skewed ...READ MORE

answered Sep 19, 2018 in Kubernetes by Nilesh
• 6,900 points
412 views
0 votes
1 answer

When I try to connect to the WebSocket through the gateway I get a 403 error

Try upgrading Contour to v0.6.0-beta.3 with IngressRoute You can ...READ MORE

answered Oct 1, 2018 in Kubernetes by Kalgi
• 39,170 points
274 views
0 votes
1 answer

permissions related to AWS ECR

if you add allowContainerRegistry: true, kops will add those permissions ...READ MORE

answered Oct 9, 2018 in Kubernetes by Kalgi
• 39,170 points
56 views
0 votes
1 answer
0 votes
1 answer

Create LoadBalancer for kubernetes cluster in aws

Hello @Lina, If you're running your cluster on ...READ MORE

answered Oct 8, 2018 in Kubernetes by Kalgi
• 39,170 points
48 views