microk8s,DEVOPS:无法连接到服务器:x509:证书对于<内部IP>而不是<外部IP>有效. [英] microk8s, DEVOPS : Unable to connect to the server: x509: certificate is valid for <internal IPs>, not <external IP>
问题描述
我在ubuntu笔记本电脑上有一个microk8s集群.我想通过azure devops管道在其上应用部署yaml文件.
我已经在我的devops中成功定义了Kubernetes Service连接,并通过了验证.虽然当我尝试应用yaml文件时我得到了以下几行
/usr/bin/kubectl apply -f/home/vsts/work/1/s/devops/deploymen.yaml -o json## [错误]无法连接到服务器:x509:证书对于127.0.0.1、10.152.183.1、192.168.50.69、172.17.0.1、10.1.80.0有效,而不是我的外部IP" 192.168.50.69是我的网络中笔记本电脑的IP地址
我应该在哪里添加我的外部IP?
我找到了身份验证和授权,并编辑了/var/snap/microk8s/current/certs/csr.conf.template ,因此它现在包含我的IP.
文章说:
更改后,apiserver-kicker将自动检测差异,生成新证书并重新启动apiserver.您的DNS服务器设置和 kubeconfig 文件必须适当更新.
证书授权数据/var/snap/microk8s/current/certs/ca.crt 中的证书现在看起来与 microk8s config 中的证书不同
我还如上所述更新了 kubeconfig
但是仍然没有运气!
我转载了您的问题,解决方案似乎是在kubeconfig文件中添加证书或跳过tls验证.
您可以通过在kubeconfig文件中添加 insecure-skip-tls-verify:true 来做到这一点,使其看起来像这样:
-集群:insecure-skip-tls-verify:true服务器:https://< master_ip>:< port> 或在您的microk8s集群上修改 kubeconfig 并将 server:https://127.0.0.1:16443 更改为 server:https://< master_ip>:16443 并将其复制到您要从中访问群集的主机.
I have a microk8s cluster on a ubuntu laptop. I want to apply a deployment yaml file on it from azure devops pipeline.
I have successfully defined a Kubernetes Service connections in my devops and it went through verification. Though when I try to apply the yaml file I get these lines
/usr/bin/kubectl apply -f /home/vsts/work/1/s/devops/deploymen.yaml -o json
##[error]Unable to connect to the server: x509: certificate is valid for 127.0.0.1, 10.152.183.1, 192.168.50.69, 172.17.0.1, 10.1.80.0, not <my external IP>
192.168.50.69 is the ip of the laptop in my network
Where should I add my external IP?
EDIT :
I found Authentication and authorization and I edited /var/snap/microk8s/current/certs/csr.conf.template so it includes my IP now.
The article says :
After changing, the apiserver-kicker will automatically detect the difference, generate new certs and restart the apiserver. Your DNS server settings and kubeconfig file must be updated appropriately.
The certificate in certificate-authority-data /var/snap/microk8s/current/certs/ca.crt now looks different than the one from microk8s config
I also updated kubeconfig with as mentioned above
But still no luck !
I reproduced your issue and the solution seems to be either adding certificate in kubeconfig file or to skip tls verification.
You can do it by adding insecure-skip-tls-verify: true to kubeconfig file so it look something like this:
- cluster:
insecure-skip-tls-verify: true
server: https://<master_ip>:<port>
or modify kubeconfig on your microk8s cluster and change server: https://127.0.0.1:16443 to server: https://<master_ip>:16443 and copy it to the host you want to access cluster from.
这篇关于microk8s,DEVOPS:无法连接到服务器:x509:证书对于<内部IP>而不是<外部IP>有效.的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
