环境:k8s二进制部署

问题:

kube-apiserver重新生成证书后,kube-apiserver服务运行正常,但kubectl连接集群时报错:

Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")


解决:

原因:/root/.kube/config中内嵌的CA证书仍是旧的,与签发当前kube-apiserver证书的CA不一致,所以kubectl无法验证服务端证书。备份并删除/root/.kube下的config文件,再用新证书重新生成即可。

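# Back up the stale kubeconfig, then remove it.
# The steps are chained with && so the original is never deleted unless the
# backup was actually written (the original ran rm even if cd or cp failed).
# NOTE(review): config.bak may still embed admin client credentials; keep it
# owner-only and delete it once the regenerated config is confirmed working.
cd /root/.kube/ &&
  cp -p config config.bak &&
  chmod 600 config.bak &&
  rm -f /root/.kube/config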

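# Create the certificate signing request for the admin client certificate and
# sign it with the cluster CA.
#
# Security notes:
# - The API server maps the certificate's O field to a group. system:masters
#   bypasses RBAC authorization entirely, and Kubernetes has no per-certificate
#   revocation, so whoever holds admin-key.pem has full cluster control until
#   the certificate expires. Keep the key owner-only and off shared hosts.
# - The certificate lifetime comes from the "kubernetes" profile in
#   ca-config.json, which is not shown here -- TODO confirm it is not
#   excessively long for an admin credential.
#
# The work only runs if the cd succeeded, so the CSR and key are never written
# into (and ca.pem never looked up in) an unintended directory.
# The heredoc delimiter is quoted so the JSON is written literally.
cd /k8s/softwares/TLS/k8s && {
  cat > admin-csr.json <<'EOF'
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF
  # Issue the certificate; writes admin.pem, admin-key.pem and admin.csr.
  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
}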

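# Regenerate the kubeconfig that kubectl uses to connect to the cluster.
# Runs only if the cd succeeded, because ./admin.pem and ./admin-key.pem are
# resolved relative to the TLS working directory.
cd /k8s/softwares/TLS/k8s && {
  # -p: the directory usually already exists (only the config file was removed).
  # 700 keeps the directory private to root.
  mkdir -p /root/.kube && chmod 700 /root/.kube
  KUBE_CONFIG="/root/.kube/config"
  KUBE_APISERVER="https://192.168.77.159:6443"

  # Cluster entry. The CA embedded here must be the one that signed the
  # current kube-apiserver serving certificate; a stale or different CA
  # reproduces "x509: certificate signed by unknown authority".
  # Optional check that admin.pem chains to this same CA file:
  #   openssl verify -CAfile /opt/kubernetes/ssl/ca.pem ./admin.pem
  kubectl config set-cluster kubernetes \
    --certificate-authority=/opt/kubernetes/ssl/ca.pem \
    --embed-certs=true \
    --server="${KUBE_APISERVER}" \
    --kubeconfig="${KUBE_CONFIG}"

  # User entry. --embed-certs=true copies the admin private key into the
  # kubeconfig, so the file itself becomes a cluster-admin credential.
  kubectl config set-credentials cluster-admin \
    --client-certificate=./admin.pem \
    --client-key=./admin-key.pem \
    --embed-certs=true \
    --kubeconfig="${KUBE_CONFIG}"

  # Context binding the cluster entry to the user entry.
  kubectl config set-context default \
    --cluster=kubernetes \
    --user=cluster-admin \
    --kubeconfig="${KUBE_CONFIG}"

  # Select the context as the current one.
  kubectl config use-context default --kubeconfig="${KUBE_CONFIG}"

  # Enforce owner-only access on the file that now holds the admin key.
  chmod 600 "${KUBE_CONFIG}"
}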