Dolphin
Reputation: 38601
how to add the public ip to X509 certificate when access kubernetes api server
I am deployment a kubernetes v1.22.3 cluster using kubeadm, today when I access api-server from public domain, shows error like this:
2021/08/04 11:20:19 http: proxy error: x509: certificate is valid for 10.96.0.1, 172.29.217.209, not 107.124.83.31
10.96.0.1 is my kubernetes cluster ip address, 172.29.217.209 is my host internal ip address. 107.124.83.31 is my public domain ip address. how to add the public ip 107.124.83.31 into the certificate so that I could access api server from public domain?
Upvotes: 0
Views: 778
Answers (1)
wineinlib
Reputation: 510
you shoud add IPs and domains of APIServer to certSANs in ClusterConfiguration of kubeadm config and kubeadm init --config=<kubeadm-config-file>.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
apiServer:
certSANs: ['localhost','127.0.0.1']
...
Upvotes: 4
Related Questions
- How to use Kubernetes SSL certificates
- Remote IP based SSL in Kubernetes Ingress
- add alternative IP address to kubernetes api server
- Kubernetes - API Server SSL
- How to access the Kubernetes external IP as HTTPS
- Assign public ip to the service which is running on Kubernetes
- How to expose the Kubernetes API to a Public IP?
- Configuring HTTPS for an internal IP on Azure Kubernetes
- How to access a kubernetes service through https?
- How can I overcome the x509 signed by unknown certificate authority error when using the default Kubernetes API Server virtual IP?