helm: x509: certificate signed by unknown authority


Question

I'm using Kubernetes and I recently updated my admin certs used in the kubeconfig. However, after I did that, all the helm commands fail thus:

Error: Get https://cluster.mysite.com/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: x509: certificate signed by unknown authority

kubectl works as expected:

$ kubectl get nodes
NAME                                           STATUS    ROLES     AGE       VERSION
ip-10-1-0-34.eu-central-1.compute.internal     Ready     master    42d       v1.7.10+coreos.0
ip-10-1-1-51.eu-central-1.compute.internal     Ready     master    42d       v1.7.10+coreos.0
ip-10-1-10-120.eu-central-1.compute.internal   Ready     <none>    42d       v1.7.10+coreos.0
ip-10-1-10-135.eu-central-1.compute.internal   Ready     <none>    27d       v1.7.10+coreos.0
ip-10-1-11-71.eu-central-1.compute.internal    Ready     <none>    42d       v1.7.10+coreos.0
ip-10-1-12-199.eu-central-1.compute.internal   Ready     <none>    8d        v1.7.10+coreos.0
ip-10-1-2-110.eu-central-1.compute.internal    Ready     master    42d       v1.7.10+coreos.0

As far as I've been able to read, helm is supposed to use the same certificates as kubectl, which makes me curious as to how kubectl works, but helm doesn't?

This is a production cluster with internal releases handled through helm charts, so it being solved is imperative.

Any hints would be greatly appreciated.

Recommended answer

As a workaround you can try to disable certificate verification. Helm uses the kube config file (by default ~/.kube/config). You can add insecure-skip-tls-verify: true for the cluster section:

clusters:
- cluster:
    server: https://cluster.mysite.com
    insecure-skip-tls-verify: true
  name: default

Did you already try to reinstall helm/tiller?

kubectl delete deployment tiller-deploy --namespace kube-system
helm init

Also check if you have configured an invalid certificate in the cluster configuration.
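
Added example (not part of the original question or answer): the error text in the question is Go's x509.UnknownAuthorityError, which a Go client returns when the server certificate does not chain to a CA it trusts. The sketch below generates two throwaway CAs in memory (the names old-cluster-ca and new-cluster-ca are constructed for illustration) and shows that a client still trusting the old CA gets this error, while a client trusting the current CA verifies the same server certificate with verification left on.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue makes a throwaway cert: a self-signed CA if parent is nil, else a server cert for name.
func issue(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = t, key
	} else {
		t.DNSNames, t.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyWithCA validates the server cert against the one CA the client trusts (its kubeconfig CA).
func verifyWithCA(server, trustedCA *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// isUnknownAuthority reports whether err is "certificate signed by unknown authority".
func isUnknownAuthority(err error) bool {
	return errors.As(err, new(x509.UnknownAuthorityError))
}

func main() {
	oldCA, _ := issue("old-cluster-ca", nil, nil) // CA the client still trusts
	newCA, newKey := issue("new-cluster-ca", nil, nil)
	server, _ := issue("cluster.mysite.com", newCA, newKey) // hostname from the question
	fmt.Println("stale CA:", verifyWithCA(server, oldCA, "cluster.mysite.com"))
	fmt.Println("current CA:", verifyWithCA(server, newCA, "cluster.mysite.com"))
}
```

A hostname mismatch with the correct CA produces a different error (x509.HostnameError), so the error type itself helps separate a trust-store problem from a naming problem.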
