kubectl - error x509 certificate signed by unknown authority

15.6k views Asked by At

I installed k3s on a single node. But when i try to connect to it remotly from my machine with kubectl I get the following error:

» kubectl version                                                                                                                                                                              
Client Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.8-beta.0", GitCommit:"6c143d35bb11d74970e7bc0b6c45b6bfdffc0bd4", GitTreeState:"archive", BuildDate:"2020-01-29T00:00:00Z", GoVersion:"go1.14beta1", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate signed by unknown authority

On the k3s server kubectl is installed and puts that out:

> kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9+k3s1", GitCommit:"630bebf94b9dce6b8cd3d402644ed023b3af8f90", GitTreeState:"clean", BuildDate:"2020-09-17T19:05:07Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9+k3s1", GitCommit:"630bebf94b9dce6b8cd3d402644ed023b3af8f90", GitTreeState:"clean", BuildDate:"2020-09-17T19:05:07Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

I copied the k3s.yaml file from the server to my machine, renamed it to config and placed into ~/.kube/config.

I tried to use --insecure-skip-tls-verify and it works, but i don't want to use it everytime.

2

There are 2 answers

2
confused genius On BEST ANSWER

The error you are getting "Unable to connect to the server: x509: certificate signed by unknown authority" . It seems like you have copied only the ~/.kube/(config) file . see the content of ~/.kube/(config) file and if that file entries of a CA root certificate , Client certificate and key entries then you need to copy all those three files also to your machine.

0
khancell On

I have got the exact same error closing my terminal. This was just an environment variable to set with the following command:

export KUBECONFIG="$(k3d kubeconfig write k3s-default)"