
failed to access from outside VM: Unable to connect to the server: x509: certificate is valid for 127.0.0.1...


Please run microk8s.inspect and attach the generated tarball to this issue.

inspection-report-20190405_143043.tar.gz

Hi, as the issue subject said, I failed to access microk8s installed on my VM; the host OS is Mac.

I tried to install it by getting the config using microk8s.config and copying it to the host machine.

And I got this:

ibk:~
$ KUBECONFIG=~/microk8s_kubeconfig kubectl get pods
Unable to connect to the server: x509: certificate is valid for 127.0.0.1, 10.152.183.1, 10.0.2.15, not 192.168.33.10

I’m aware of #110, but it is my local network, so it should be safe.

The solution seems to be to regenerate the certificate, but I’m not sure how to do it on microk8s.

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 8 (3 by maintainers)

Top GitHub Comments

2 reactions
ktsakalozos commented, Apr 5, 2019

Hi @iwanbk, could you try the microk8s.config -l (note the -l flag) to produce the config. If this is no good for you, could you try the --edge channel (sudo snap install microk8s --classic --edge)? The issue you are reporting is already addressed and is released to edge, we will soon release it to the rest of the channels.

1 reaction
niklasholm commented, Apr 9, 2019

I also have this issue. I’m running microk8s inside a VM configured with two interfaces, one NATed and one host-only, to give host->guest access while also giving the VM internet access without exposing it to the world (which bridging would).

It seems to me that the problem is that the code assumes only the default interface is external, and includes only that in the certificate instead of including both external interfaces as it should. Apparently it still binds to both interfaces so why shouldn’t it include both addresses in the certificate?

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"14", GitVersion:"v1.14.1", GitCommit:"b7394102d6ef778017f2ca4046abbaa23b88c290", GitTreeState:"clean", BuildDate:"2019-04-08T17:11:31Z", GoVersion:"go1.12.1", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate is valid for 127.0.0.1, 10.152.183.1, 10.0.2.15, not 192.168.56.101
$ /snap/core/current/bin/ip -o -4 addr list
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp0s3    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3\       valid_lft 74568sec preferred_lft 74568sec
3: enp0s8    inet 192.168.56.101/24 brd 192.168.56.255 scope global dynamic enp0s8\       valid_lft 761sec preferred_lft 761sec
4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
5: cbr0    inet 10.1.1.1/24 scope global cbr0\       valid_lft forever preferred_lft forever
$ /snap/core/current/bin/netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG        0 0          0 enp0s3
10.0.2.0        0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
10.0.2.2        0.0.0.0         255.255.255.255 UH        0 0          0 enp0s3
10.1.1.0        0.0.0.0         255.255.255.0   U         0 0          0 cbr0
172.17.0.0      0.0.0.0         255.255.0.0     U         0 0          0 docker0
192.168.56.0    0.0.0.0         255.255.255.0   U         0 0          0 enp0s8
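
The check behind the error in both reports, as an added example (not part of the original thread and not MicroK8s code): Go's crypto/x509, which kubectl is built on, compares the IP address the client dials against the certificate's IP SANs. The certificate is a throwaway self-signed stand-in carrying the SAN list quoted in the error message; `selfSigned` and `uncovered` are illustrative helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned (illustrative helper): throwaway cert whose only SANs are the given IPs.
func selfSigned(sanIPs ...string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now, NotAfter: now.Add(time.Hour)}
	for _, s := range sanIPs {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(s))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered (illustrative helper): the error for each dialed address the SANs do not list.
func uncovered(cert *x509.Certificate, addrs []string) (errs []string) {
	for _, a := range addrs {
		if err := cert.VerifyHostname(a); err != nil {
			errs = append(errs, err.Error())
		}
	}
	return errs
}

func main() {
	// SAN list and interface addresses as quoted in the thread.
	cert, err := selfSigned("127.0.0.1", "10.152.183.1", "10.0.2.15")
	if err != nil {
		panic(err)
	}
	fmt.Println(uncovered(cert, []string{"10.0.2.15", "192.168.56.101"}))
}
```

Passing 192.168.56.101 as a fourth SAN to `selfSigned` makes `uncovered` return an empty slice for the same addresses.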