Score:0

kubeadm: unable to register node with api server, x509 certificate signed by unknown authority


I am trying to create a K8S cluster in HA. I have created 2 VMs, one acting as a load balancer and the second as the master node.

The load balancer has a simple NGINX server with the following configuration

events {}
http {
   upstream backend {
      server <master ip>:6443;
   }

   # This server terminates TLS on port 6443 and passes the traffic to the upstream.
   # Notice that the upstream name and the proxy_pass need to match.

   server {
      listen 6443 ssl;
      ssl_certificate     /etc/nginx/server.crt;
      ssl_certificate_key /etc/nginx/server.key;
      location / {
         proxy_pass https://backend;
      }
   }
}

The server.crt has been signed by my company CA certificate ca.crt.

I copied ca.crt from the load balancer to the master node under /usr/share/ca-certificates and tried to kubeadm init:

sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --control-plane-endpoint <my-domain-name>

But kubeadm still doesn't recognize the CA cert. It displays:

"Unable to register node with API server" err="Post \"https://<my-domain-name>:6443/api/v1/nodes\": x509: certificate signed by unknown authority" node="master01"

Any clues? Thanks.

Hi khlilturki97, welcome to S.F. "the server.crt has been signed by my company CA" is not how kubernetes works; it has its own CA hierarchy and any x509 presented to the api-server must be signed by its CA. I'm sure it's possible to have the api-server be a leaf CA to your org's, but it's often more trouble than it's worth. That's a lot of words to say: you're solving the wrong problem, and should be just passing TLS traffic upstream in your HA setup, not trying to terminate TLS on the edge.
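
The TLS passthrough suggested in the comment above could look like the following nginx configuration. This is an added example, not part of the original question or comment; it assumes an nginx build that includes the stream module, and the upstream name `kube_apiserver` is hypothetical.

```nginx
events {}

# Layer-4 (TCP) proxying: nginx forwards the encrypted bytes unchanged,
# so the TLS handshake is completed by the API server itself and the
# client is shown the API server's own certificate, not one issued by
# a different CA on the load balancer.
stream {
   upstream kube_apiserver {
      # Placeholder carried over from the question.
      server <master ip>:6443;
      # Further control-plane nodes for HA would be listed here.
   }

   server {
      # No "ssl" parameter and no ssl_certificate directives:
      # TLS is not terminated on the load balancer.
      listen 6443;
      proxy_pass kube_apiserver;
   }
}
```

With this layout the load balancer needs no server.crt or server.key, and `<my-domain-name>` only has to resolve to the load balancer's address.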