Reputation:
Kubernetes on localhost: setup certificates
I've just installed a kubernetes testinstallation directly on my fedora laptop using this guide.
After starting kube2sky I've noticed I can't connect to the kubernetes api since the certificates are required. kubernetes-ro is deprecated and no longer available on my machine, so I get the following errors:
E0627 15:58:07.145720 1 reflector.go:133] Failed to list *api.Service: Get https://10.254.0.1:443/api/v1beta3/services: x509: failed to load system roots and no roots provided E0627 15:58:07.146844 1 reflector.go:133] Failed to list *api.Endpoints: Get https://10.254.0.1:443/api/v1beta3/endpoints: x509: failed to load system roots and no roots provided
How can I setup the certificates?
Upvotes: 1
Views: 774
Answers (1)
Reputation: 18200
This has been a common problem for folks that aren't running on setups that use salt to automatically configure system secrets on the master node (as GCE does). This has been fixed at head and should be fixed in the next release.
In the mean time, you can manually create a secret for the DNS service that contains a kubeconfig file for kube2sky to connect to the master. You can see how this is done on GCE by looking at the create-kubeconfig-secret function in kube-addons.sh (when called with the username "system:dns"). The name of the resulting secret should be token-system-dns.
Upvotes: 2
Related Questions
- How to add certificates to Kube config file
- How to use Kubernetes SSL certificates
- kubernetes traffic with own certificates
- Kubernetes / Docker - SSL certificates for web service use
- Kubernetes doesnt create certificates
- Kubernetes user authentication with certificate
- Installing certificates on Kubernetes
- How to properly submit certificate for signing in Kubernetes?
- Certificates for services
- client certificate needed when configuring kubectl