掌舵:x509:由未知机构签署的证书 [英] helm: x509: certificate signed by unknown authority
问题描述
我正在使用 Kubernetes,我最近更新了 kubeconfig
中使用的管理证书.但是,在我这样做之后,所有 helm
命令都失败了:
I'm using Kubernetes and I recently updated my admin certs used in the kubeconfig
. However, after I did that, all the helm
commands fail thus:
Error: Get https://cluster.mysite.com/api/v1/namespaces/kube-system/pods?labelSelector=app%3Dhelm%2Cname%3Dtiller: x509: certificate signed by unknown authority
kubectl
按预期工作:
$ kubectl get nodes
NAME STATUS ROLES AGE VERSION
ip-10-1-0-34.eu-central-1.compute.internal Ready master 42d v1.7.10+coreos.0
ip-10-1-1-51.eu-central-1.compute.internal Ready master 42d v1.7.10+coreos.0
ip-10-1-10-120.eu-central-1.compute.internal Ready <none> 42d v1.7.10+coreos.0
ip-10-1-10-135.eu-central-1.compute.internal Ready <none> 27d v1.7.10+coreos.0
ip-10-1-11-71.eu-central-1.compute.internal Ready <none> 42d v1.7.10+coreos.0
ip-10-1-12-199.eu-central-1.compute.internal Ready <none> 8d v1.7.10+coreos.0
ip-10-1-2-110.eu-central-1.compute.internal Ready master 42d v1.7.10+coreos.0
据我所知,helm
应该使用与 kubectl
相同的证书,这让我很好奇 kubectl
有效,但 helm
无效?
As far as I've been able to read, helm
is supposed to use the same certificates as kubectl
, which makes me curious as how how kubectl
works, but helm
doesn't?
这是一个生产集群,内部版本通过 helm charts 处理,所以解决它是当务之急.
This is a production cluster with internal releases handled through helm charts, so it being solved is imperative.
任何提示将不胜感激.
推荐答案
作为一种解决方法,您可以尝试禁用证书验证.Helm 使用 kube 配置文件(默认为 ~/.kube/config
).您可以为 cluster
部分添加 insecure-skip-tls-verify: true
:
As a workaround you can try to disable certificate verification. Helm uses the kube config file (by default ~/.kube/config
). You can add insecure-skip-tls-verify: true
for the cluster
section:
clusters:
- cluster:
server: https://cluster.mysite.com
insecure-skip-tls-verify: true
name: default
您是否已经尝试重新安装 helm/tiller?
Did you already try to reinstall helm/tiller?
kubectl delete deployment tiller-deploy --namespace kube-system
helm init
还要检查您是否在集群配置中配置了无效的证书.
Also check if you have configured an invalid certificate in the cluster configuration.
这篇关于掌舵:x509:由未知机构签署的证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!