9

I have been trying to install kubernetes in Oracle cloud server.
I followed the kubernetes instruction.

Output of kubectl config view :

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://10.0.0.208:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED

Error when exucuting sudo kubectl apply -f :

The connection to the server localhost:8080 was refused - did you specify the right host or port?

in addition, if I wanted to see the pods then came out another error message too.

Error when executing kubectl get pods :

E1228 00:53:51.858542   44216 memcache.go:238] couldn't get current server API group list: Get "https://10.0.0.208:6443/api?timeout=32s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Veera Nagireddy
  • 1,656
  • 1
  • 3
  • 12
Joonseo Lee
  • 458
  • 2
  • 6
  • 12

1 Answers1

7

TLS certificate errors

The following error indicates a possible certificate mismatch.

# kubectl get pods

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")

  • Verify that the $HOME/.kube/config file contains a valid certificate, and regenerate a certificate if necessary. The certificates in a kubeconfig file are base64 encoded. The base64 --decode command can be used to decode the certificate and openssl x509 -text -noout can be used for viewing the certificate information.

  • Unset the KUBECONFIG environment variable using:

    unset KUBECONFIG

Or set it to the default KUBECONFIG location:

export KUBECONFIG=/etc/kubernetes/admin.conf

Another workaround is to overwrite the existing kubeconfig for the "admin" user:

mv  $HOME/.kube $HOME/.kube.bak
mkdir $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

This error should only come up if you have no contexts configured in your client and Make sure you are executing the command from the right user. If you run kubectl config view and you get something like this:

The connection to the server localhost:8080 was refused - did you specify the right host or port?

Refer to github link & Kubernetes community Forums for more information to resolve your issue.

Veera Nagireddy
  • 1,656
  • 1
  • 3
  • 12