Kubernetes kubectl security

Kubectl x509 Unable to Connect

Kubernetes remote access and TLS certs.

Posted by Craig Johnston on Thursday, May 10, 2018

Just set up a brand new cluster? Changed the domain or IP of your admin node? Then you may have encountered the error Unable to connect to the server: x509: certificate is valid for …. The following is a fix for this common issue. However, there are often other reasons to rebuild your cluster cert, and it’s relatively easy.

TL;DR: “I don’t care about the fix I need to remote control my cluster. Security? Whats that?":

kubectl --insecure-skip-tls-verify --context=some-context get pods

Let’s say you want to fix the issue and not just skip-tls-verify. Ssh to the admin node and run the following (assuming Kubernetes 1.8 or greater):

# remove the certs
rm /etc/kubernetes/pki/apiserver.*

# re-create with updated --apiserver-cert-extra-sans
kubeadm alpha phase certs all --apiserver-advertise-address=0.0.0.0 --apiserver-cert-extra-sans=new.example.com

# remove the kubernetes api server container
docker rm -f `docker ps -q -f 'name=k8s_kube-apiserver*'`

# restart the kublet
systemctl restart kubelet
Support this blog! Buy my new book:

Advanced Platform Development with Kubernetes
What You'll Learn
  • Build data pipelines with MQTT, NiFi, Logstash, MinIO, Hive, Presto, Kafka and Elasticsearch
  • Leverage Serverless ETL with OpenFaaS
  • Explore Blockchain networking with Ethereum
  • Support a multi-tenant Data Science platform with JupyterHub, MLflow and Seldon Core
  • Build a Multi-cloud, Hybrid cluster, securely bridging on-premise and cloud-based Kubernetes nodes

Port Forwarding / Local Development

Check out kubefwd for a simple command line utility that bulk forwards services of one or more namespaces to your local workstation.

Resources

This blog post, titled: "Kubectl x509 Unable to Connect: Kubernetes remote access and TLS certs." by Craig Johnston, is licensed under a Creative Commons Attribution 4.0 International License. Creative Commons License

SUPPORT

Order my new Kubernetes book: Advanced Platform Development with Kubernetes: Enabling Data Management, the Internet of Things, Blockchain, and Machine Learning

SHARE
FOLLOW
FEATURED TAGS
blockchain data data-science development devops docker elasticsearch golang ingress iot kubectl kubernetes microservices python raspberry-pi security utils
RELATED