Fixing "Unable to connect to the server: x509: certificate is valid for xxx, not xxx" when accessing a k8s cluster [detailed steps]

After I finished configuring the k8s cluster, I excitedly handed it to a colleague working remotely for testing. The colleague connected to my server through a VPN and then executed kubectl commands through the server. As a result, the error in the title appeared. The reason is that over the VPN the server is not reached at its original intranet address, so the apiserver certificate has to be reissued to cover the VPN address. The process is as follows.

View the apiserver certificate (in /etc/kubernetes/pki)

openssl x509 -noout -text -in apiserver.crt|grep DNS
                DNS:debian-1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:192.168.1.195

The required IP address (the one the client connects to over the VPN) is not in the certificate's list of names and addresses.

Delete the old apiserver certificate

cd /etc/kubernetes/pki
rm apiserver.*

Generate a new apiserver certificate

kubeadm init phase certs apiserver --apiserver-advertise-address ${apiserver-ip1} --apiserver-cert-extra-sans ${apiserver-ip2} --apiserver-cert-extra-sans ${apiserver-ip3}

In the command above, ${apiserver-ip1}, ${apiserver-ip2} and ${apiserver-ip3} are placeholders to replace with the actual addresses of your own cluster, not shell variables: pasted unchanged, the shell expands ${apiserver-ip1} to the value of $apiserver or, if that is unset, to the literal text ip1. To add more addresses, repeat the --apiserver-cert-extra-sans ${apiserver-ip} parameter in the command.

At this point, you can see that a new apiserver certificate has been generated.

ls apiserver.*
apiserver.crt  apiserver.key

Restart the apiserver

$ docker ps|grep apiserver
c6947d3f08cb   b6d7abedde39                                        "kube-apiserver --ad…"   3 days ago       Up 42 minutes                                                          k8s_kube-apiserver_kube-apiserver-debian-1_kube-system_8c9ab1ead009c3ba3cbb640306555281_12
3d6e28c76425   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 3 days ago       Up 42 minutes                                                          k8s_POD_kube-apiserver-debian-1_kube-system_8c9ab1ead009c3ba3cbb640306555281_1
$ docker restart c6947d3f08cb 3d6e28c76425
c6947d3f08cb
3d6e28c76425

Verify

$ kubectl cluster-info
Kubernetes control plane is running at https://192.168.1.195:6443
CoreDNS is running at https://192.168.1.195:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

Done.
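
The following is an added example, not part of the original post: a POSIX shell check that parses the SAN list as the "View apiserver certificate" step prints it and reports which client-facing addresses are missing, using exact matching. The function names and the VPN address 10.8.0.1 are made up for illustration; the SAN line is the one shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): exact-match SAN check.
# SAN line copied from the openssl output shown in this post.
SAMPLE_SANS='                DNS:debian-1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:192.168.1.195'

# list_sans: read `openssl x509 -noout -text` output on stdin and print
# one SAN per line, normalised to "DNS:<name>" or "IP:<addr>".
list_sans() {
  tr ',' '\n' |
    sed -n -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
           -e 's/^IP Address:/IP:/p' -e '/^DNS:/p'
}

# san_covers <address>: succeed only if the address is an exact SAN entry.
# A plain `grep 192.168.1.19` would also match 192.168.1.195, hence -F -x.
# Wildcard DNS entries and IPv6 text forms are not normalised here.
san_covers() {
  case "$1" in
    *:*)       want="IP:$1" ;;   # IPv6 literal
    *[!0-9.]*) want="DNS:$1" ;;  # has a non-digit, non-dot character: a name
    *)         want="IP:$1" ;;   # digits and dots only: IPv4
  esac
  list_sans | grep -Fxqi -- "$want"
}

# missing_sans <cert-text> <address>...: print every address the
# certificate does NOT cover (empty output means all are covered).
missing_sans() {
  text="$1"; shift
  for addr in "$@"; do
    printf '%s\n' "$text" | san_covers "$addr" || printf '%s\n' "$addr"
  done
}

# served_cert_text <host:port>: certificate the running apiserver presents,
# which is what kubectl validates (it can differ from the file on disk
# until the apiserver has been restarted). Needs network access.
served_cert_text() {
  openssl s_client -connect "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -text
}

# Demo on the sample; 10.8.0.1 is a constructed VPN address.
missing_sans "$SAMPLE_SANS" 192.168.1.195 10.8.0.1   # prints 10.8.0.1
```

On the control-plane node, pass `"$(openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt)"` as the first argument before regenerating, and `"$(served_cert_text 192.168.1.195:6443)"` after the restart to confirm the running apiserver presents the new certificate.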

Origin blog.csdn.net/marlinlm/article/details/122166105