'Kubernetes Dashboard Installation giving x509: certificate signed by unknown authority error

Trying to install kubernetes dashboard in Ubuntu 16.04 resulting in x509: certificate signed by unknown authority error.

Kubernetes cluster with a single node is running fine and deployments are happening too.

Tried enabling apiserver-host property in kubernetes-dashboard.yaml file without any lock.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml Unable to connect to the server: x509: certificate signed by unknown authority

Any suggestions.

Output from kubectl get all -n kube-system

NAME                                         READY   STATUS    RESTARTS   AGE
pod/calico-node-6dgkc                        2/2     Running   4          4d23h
pod/calico-node-v8xjr                        2/2     Running   0          2d4h
pod/coredns-fb8b8dccf-8jznp                  1/1     Running   2          4d23h
pod/coredns-fb8b8dccf-pl87d                  1/1     Running   2          4d23h
pod/etcd-ets-kubernetes                      1/1     Running   2          4d23h
pod/kube-apiserver-ets-kubernetes            1/1     Running   2          4d23h
pod/kube-controller-manager-ets-kubernetes   1/1     Running   2          4d23h
pod/kube-proxy-24qjz                         1/1     Running   0          2d4h
pod/kube-proxy-ccqpn                         1/1     Running   2          4d23h
pod/kube-scheduler-ets-kubernetes            1/1     Running   2          4d23h

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
service/calico-typha   ClusterIP   10.110.39.31   <none>        5473/TCP                 4d23h
service/kube-dns       ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   4d23h
Error from server (Forbidden): replicationcontrollers is forbidden: User "system:node:ets-kubernetes" cannot list resource "replicationcontrollers" in API group "" in the namespace "kube-system"
Error from server (Forbidden): daemonsets.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "daemonsets" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): deployments.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "deployments" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): replicasets.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "replicasets" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): statefulsets.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "statefulsets" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): horizontalpodautoscalers.autoscaling is forbidden: User "system:node:ets-kubernetes" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" in the namespace "kube-system"
Error from server (Forbidden): jobs.batch is forbidden: User "system:node:ets-kubernetes" cannot list resource "jobs" in API group "batch" in the namespace "kube-system"
Error from server (Forbidden): cronjobs.batch is forbidden: User "system:node:ets-kubernetes" cannot list resource "cronjobs" in API group "batch" in the namespace "kube-system"

Output from kubectl get nodes

NAME             STATUS   ROLES    AGE     VERSION
ets-kubernetes   Ready    master   4d23h   v1.14.1
ets-node         Ready    <none>   2d4h    v1.14.1

Kubectl output.PNG enter image description here

Certificate Error.PNG enter image description here



Solution 1:[1]

It would be better if you would specify how did you deploy your cluster but, try to regenerate your cluster certificates. If you used kubeadm then from control plane node you can run

kubeadm alpha certs renew

For more info check this

EDIT according to update on original post:

According your updated output, as you can see from the events, somehow there are many lines like:

User "system:node:ets-kubernetes" cannot list resource .........

It means, above user doesn't have relevant role to do those actions on specified resources.

To fix this you have to create relevant Role and RoleBindings for this user. You can get more info from official Using RBAC Authorization documentation

Solution 2:[2]

Had the same issue after resetting k8s to defaults while having kubectl proxy running.

Simply restarting kubectl proxy fixed the issue :)

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 gxtaillon