kubectl returns "Unable to connect to the server: x509: certificate is valid for..."



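I started a minikube instance on a remote machine (k8_host). I am trying to connect to it from my local computer (client_comp). I set it up and transferred the certificates by following the instructions given here.

It looks like I can successfully ping it with kubectl on client_comp, but I get a certificate error: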

$ kubectl get pods
Unable to connect to the server: x509: certificate is valid for 192.168.49.2, 10.96.0.1, 127.0.0.1, 10.0.0.1, not 192.168.1.69

When I check minikube's IP setting, I get

$ minikube ip
192.168.49.2

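The IP of k8_host is 192.168.1.69.

If I understand correctly, it seems that when minikube started, it automatically generated a set of certificates, which requires a domain. So it created the certificates using minikube's local IP on k8_host (192.168.49.2). And when I try to connect from client_comp, it sets the host to the network IP of k8_host (192.168.1.69).

Do I need to update the certificates? I'm guessing that, since the nginx setup just passes the SSL certificates through (using stream), I can't add the correct host in the nginx configuration.

For future reference, is there something I might have done wrong when setting up minikube?

For reference:

~/.kube/config (on client_comp)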

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: [redacted]
    server: [redacted]
  name: docker-desktop
- cluster:
    certificate-authority: home_computer/ca.crt
    server: https://192.168.1.69:51999
  name: home_computer
contexts:
- context:
    cluster: docker-desktop
    user: docker-desktop
  name: docker-desktop
- context:
    cluster: home_computer
    user: home_computer
  name: home_computer
current-context: home_computer
kind: Config
preferences: {}
users:
- name: docker-desktop
  user:
    client-certificate-data: [redacted]
    client-key-data: [redacted]
- name: home_computer
  user:
    client-certificate: home_computer/client.crt
    client-key: home_computer/client.key

~/.minikube/config (on the k8 host)

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /home/coopers/.minikube/ca.crt
    extensions:
    - extension:
        last-update: Thu, 25 Mar 2021 22:27:27 EDT
        provider: minikube.sigs.k8s.io
        version: v1.18.1
      name: cluster_info
    server: https://192.168.49.2:8443
  name: minikube
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Thu, 25 Mar 2021 22:27:27 EDT
        provider: minikube.sigs.k8s.io
        version: v1.18.1
      name: context_info
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /home/coopers/.minikube/profiles/minikube/client.crt
    client-key: /home/coopers/.minikube/profiles/minikube/client.key

/etc/nginx/nginx.conf (on the k8 host)

stream {
    server {
        listen 192.168.1.69:51999;
        proxy_pass 192.168.49.2:8443;
    }
}

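I saw this question, but it seems to have a different root problem.

Thanks for any help or guidance.

OK, I found a way. It's a deep-6-ish approach, and should only be used if you can afford to lose the state of your k8s cluster.

First, I stopped the cluster and deleted all cluster definitions: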

$ minikube stop
$ minikube delete --all

Then I restarted the cluster with:

$ minikube start --apiserver-ips=<k8_host ip>

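This recreated the client key and certificate, but kept the same CA certificate. So I only needed to copy ~/.minikube/profiles/minikube/client.crt and ~/.minikube/profiles/minikube/client.key from k8_host to client_comp.

Hope this helps someone else in the future.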
