kubectl返回"Unable to connect to the server: x509: certificate is valid for...“
我在远程机器(k8_host)上启动了一个minikube实例。我正在尝试从本地计算机(client_comp)连接到它。我按照给here的说明进行了设置,并对证书进行了修改。
似乎我可以在client_comp上使用kubectl成功ping通,但我收到了一个证书错误:
$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for 192.168.49.2, 10.96.0.1, 127.0.0.1, 10.0.0.1, not 192.168.1.69当我检查minikube的IP设置时,我得到
$minikube ip
192.168.49.2k8_host的ip为192.168.1.69。
如果我理解正确的话,它似乎在minikube启动时自动生成了一组证书,这需要一个域。因此,它在k8_host上使用minikube本地ip (192.168.49.2)创建了证书。而且,当我尝试从client_comp连接时,它将主机设置为k8_host的网络ip (192.168.1.69)。
我需要更新证书吗?我猜,因为nginx被设置为只传递ssl证书(使用流),所以我不能只是在nginx配置中添加正确的主机。
为了便于将来参考,在minikube安装过程中,我是否做错了什么?
供参考:
~/.kube/config (在client_comp上)
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: [redacted]
server: [redacted]
name: docker-desktop
- cluster:
certificate-authority: home_computer/ca.crt
server: https://192.168.1.69:51999
name: home_computer
contexts:
- context:
cluster: docker-desktop
user: docker-desktop
name: docker-desktop
- context:
cluster: home_computer
user: home_computer
name: home_computer
current-context: home_computer
kind: Config
preferences: {}
users:
- name: docker-desktop
user:
client-certificate-data: [redacted]
client-key-data: [redacted]
- name: home_computer
user:
client-certificate: home_computer/client.crt
client-key: home_computer/client.key~/..minikube/config(在k8主机上)
apiVersion: v1
clusters:
- cluster:
certificate-authority: /home/coopers/.minikube/ca.crt
extensions:
- extension:
last-update: Thu, 25 Mar 2021 22:27:27 EDT
provider: minikube.sigs.k8s.io
version: v1.18.1
name: cluster_info
server: https://192.168.49.2:8443
name: minikube
contexts:
- context:
cluster: minikube
extensions:
- extension:
last-update: Thu, 25 Mar 2021 22:27:27 EDT
provider: minikube.sigs.k8s.io
version: v1.18.1
name: context_info
namespace: default
user: minikube
name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
user:
client-certificate: /home/coopers/.minikube/profiles/minikube/client.crt
client-key: /home/coopers/.minikube/profiles/minikube/client.key/etc/nginx/nginx.conf (在k8主机上)
stream {
server {
listen 192.168.1.69:51999;
proxy_pass 192.168.49.2:8443;
}
}我看到了this的问题,但它似乎有一个不同的根本问题。
感谢您的帮助或指导。
回答 1
Stack Overflow用户
发布于 2021-03-27 19:42:50
好吧,我找到了一个方法。这是一种深度约为6的方法,只有在您同意丢失k8s集群的状态时才应该使用。
首先,我停止了集群,并删除了所有集群定义:
$ minikube stop
$ minikube delete --all然后,我用以下命令重新启动了集群
$ minikube start --apiserver-ips=<k8_host ip>这将重新创建客户端密钥和证书,但保留相同的证书。因此,我只需要将~/.minikube/profiles/minikube/client.crt和~/.minikube/profiles/minikube/client.key从k8_host复制到client_comp。
希望这对将来的其他人有所帮助。
https://stackoverflow.com/questions/66825916
复制相似问题
腾讯云开发者
