Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Is there a proper way to enable front proxy tls for extension api server

See original GitHub issue

Hi all! I’m trying to play with kubevirt on top of microk8s and need to enable

--proxy-client-cert-file=<path to aggregator proxy cert>
--proxy-client-key-file=<path to aggregator proxy key>

flags for kube api server. Have anyone advice how to generate cert and key to do it? Related issue https://github.com/kubevirt/kubevirt/issues/1126

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
ktsakalozoscommented, May 20, 2019

Based on the comment https://github.com/kubevirt/kubevirt/issues/1126#issuecomment-396360167 we can append the following into /var/snap/microk8s/current/args/kube-apiserver :

--proxy-client-cert-file=${SNAP_DATA}/certs/server.crt
--proxy-client-key-file=${SNAP_DATA}/certs/server.key

Then do a MicroK8s restart:

microk8s.stop
microk8s.start

Wait for the pods to restart. Have a look at microk8s.kubectl get all --all-namespaces.

You will then be able to do a:

sudo ./virtctl  --kubeconfig /var/snap/microk8s/current/credentials/client.config start testvm
VM testvm was scheduled to start

Or put the kubeconfig in the default location:

> microk8s.kubectl config view --raw > ~/.kube/config
> ./virtctl start testvm
Error starting VirtualMachine the server rejected our request for an unknown reason
> ./virtctl stop testvm
VM testvm was scheduled to stop
0reactions
attila123commented, Sep 28, 2021

Thanks @ktsakalozos Actually I was only looking for how to use virtctl with microk8s, so I only did the 2nd half of your comment (e.g. using --kubeconfig with virtctl and saving the kubeconfig from microk8s, these worked fine with current microk8s, kubevirt, virtctl versions).

Read more comments on GitHub >

github_iconTop Results From Across the Web

Is there a proper way to enable front proxy tls for extension api ...
Hi all! I'm trying to play with kubevirt on top of microk8s and need to enable --proxy-client-cert-file= --proxy-client-key-file= flags for ...
Read more >
Configure the Aggregation Layer - Kubernetes
The Kubernetes apiserver connects to the extension apiserver over TLS, authenticating itself using a client certificate. You must provide the ...
Read more >
Configuring TLS access to an API for the Private Cloud
To enable two-way TLS, set the <ClientAuthEnabled> element to true , and specify a truststore using the <TrustStore> element.
Read more >
TLS — envoy 1.25.0-dev-18e3d1 documentation
Resumption can be performed across hot restarts and between parallel Envoy instances (typically useful in a front proxy configuration).
Read more >
Kubernetes API Aggregation Setup — Nuts & Bolts - Medium
It is responsible for discovering and registering extension apiservers and acting as a front-proxy to the individual extension apiservers.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

microk8s.reset doesn't clean up volumes

Next page

MicroK8s services restart after a refresh