has anyone face the error: certificate signed by unknown authority
even I have properly configured the …/.kube/config file with the correct value provided when I create a simple cluster. when I try to kubectl get nodes the response is: E1123 20:49:38.941416 33456 memcache.go:265] couldn't get current server API group list: Get "https://<myclusternumber>.se-sto-1.linodelke.net:443/api?timeout=32s": tls: failed to verify certificate: x509: certificate signed by unknown authority</myclusternumber>
As I have copied and pasted the cluster definition into the config file I assume that the values of certificate-authority-data and token are correct.
Thanks for any tip in this very basic question
2 Replies
after running the kubectl with the option:
kubectl get pods --insecure-skip-tls-verify
the error shown has changed to:
E1124 11:49:10.376064 32488 memcache.go:265] couldn't get current server API group list: invalid character '<' looking for beginning of value
E1124 11:49:11.264463 32488 memcache.go:265] couldn't get current server API group list: invalid character '<' looking for beginning of value
E1124 11:49:12.140603 32488 memcache.go:265] couldn't get current server API group list: invalid character '<' looking for beginning of value
E1124 11:49:13.037458 32488 memcache.go:265] couldn't get current server API group list: invalid character '<' looking for beginning of value
E1124 11:49:13.938948 32488 memcache.go:265] couldn't get current server API group list: invalid character '<' looking for beginning of value
error: invalid character '<' looking for beginning of value
I will keep on reviewing the incident
CassandraD
Linode Staff
It looks like you're using LKE, which is a partially managed service. The Kubeconfig file provided in Cloud Manager when the service is deployed should work without any changes when the Cluster is deployed. If you didn't make any changes and can't reach your Cluster with kubectl commands, you can open a Support Ticket and we can investigate from our side.
If that's the case, you can provide more information by running kubectl commands with more verbose logging, like this for example:
kubectl get nodes --v=9
You can also view the Kubeconfig file from Cloud Manager and look at the cluster section to see the certificate-authority-data. Getting that information and sharing it in the ticket could help us pinpoint the cause of the problem.
If you did edit the file, I'd recommend resetting the Cluster's Kubeconfig. You can do this by navigating to the Cluster record in Cloud Manager and hitting the reset button in the Kubeconfig section at the top of the screen. You'll then want to go back to this step in our guide to getting started with LKE, where you'll download the new file and point the $KUBECONFIG variable to the path for the new file.