Kubernetes Dashboard Installation giving x509: certificate signed by unknown authority error
Trying to install Kubernetes Dashboard on Ubuntu 16.04 results in an x509: certificate signed by unknown authority error.
The Kubernetes cluster with a single node is running fine and deployments are happening too.
Tried enabling the apiserver-host property in the kubernetes-dashboard.yaml file, without any luck.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
Unable to connect to the server: x509: certificate signed by unknown authority
Any suggestions?
Output from kubectl get all -n kube-system:
NAME                                         READY   STATUS    RESTARTS   AGE
pod/calico-node-6dgkc                        2/2     Running   4          4d23h
pod/calico-node-v8xjr                        2/2     Running   0          2d4h
pod/coredns-fb8b8dccf-8jznp                  1/1     Running   2          4d23h
pod/coredns-fb8b8dccf-pl87d                  1/1     Running   2          4d23h
pod/etcd-ets-kubernetes                      1/1     Running   2          4d23h
pod/kube-apiserver-ets-kubernetes            1/1     Running   2          4d23h
pod/kube-controller-manager-ets-kubernetes   1/1     Running   2          4d23h
pod/kube-proxy-24qjz                         1/1     Running   0          2d4h
pod/kube-proxy-ccqpn                         1/1     Running   2          4d23h
pod/kube-scheduler-ets-kubernetes            1/1     Running   2          4d23h

NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                  AGE
service/calico-typha   ClusterIP   10.110.39.31   <none>        5473/TCP                 4d23h
service/kube-dns       ClusterIP   10.96.0.10     <none>        53/UDP,53/TCP,9153/TCP   4d23h
Error from server (Forbidden): replicationcontrollers is forbidden: User "system:node:ets-kubernetes" cannot list resource "replicationcontrollers" in API group "" in the namespace "kube-system"
Error from server (Forbidden): daemonsets.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "daemonsets" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): deployments.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "deployments" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): replicasets.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "replicasets" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): statefulsets.apps is forbidden: User "system:node:ets-kubernetes" cannot list resource "statefulsets" in API group "apps" in the namespace "kube-system"
Error from server (Forbidden): horizontalpodautoscalers.autoscaling is forbidden: User "system:node:ets-kubernetes" cannot list resource "horizontalpodautoscalers" in API group "autoscaling" in the namespace "kube-system"
Error from server (Forbidden): jobs.batch is forbidden: User "system:node:ets-kubernetes" cannot list resource "jobs" in API group "batch" in the namespace "kube-system"
Error from server (Forbidden): cronjobs.batch is forbidden: User "system:node:ets-kubernetes" cannot list resource "cronjobs" in API group "batch" in the namespace "kube-system"
Output from kubectl get nodes:
NAME             STATUS   ROLES    AGE     VERSION
ets-kubernetes   Ready    master   4d23h   v1.14.1
ets-node         Ready    <none>   2d4h    v1.14.1
Solution 1:[1]
It would be better if you specified how you deployed your cluster, but try to regenerate your cluster certificates. If you used kubeadm, then from the control plane node you can run:
kubeadm alpha certs renew
For more info check this
EDIT according to update on original post:
According to your updated output, as you can see from the events, there are somehow many lines like:
User "system:node:ets-kubernetes" cannot list resource .........
It means the above user doesn't have the relevant role to perform those actions on the specified resources.
To fix this you have to create the relevant Role and RoleBindings for this user. You can get more info from the official Using RBAC Authorization documentation.
Solution 2:[2]
Had the same issue after resetting k8s to defaults while having kubectl proxy running.
Simply restarting kubectl proxy fixed the issue :)
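
An added example, not part of the original question or answers: kubectl reports "x509: certificate signed by unknown authority" when the API server's certificate does not chain to a CA the client trusts, so one check before renewing anything is whether the CA embedded in the kubeconfig is still the cluster's CA. The sketch below compares SHA-256 fingerprints. It assumes the kubeconfig carries `certificate-authority-data` inline (as kubeadm's generated files do), and the sample certificates, server address and helper names are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
CA_DATA = re.compile(r"^\s*certificate-authority-data:\s*(\S+)\s*$", re.M)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM bundle."""
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_BLOCK.findall(pem_text)}


def kubeconfig_ca_fingerprints(kubeconfig_text):
    """Fingerprints of the CAs embedded in the kubeconfig's cluster entries."""
    prints = set()
    for b64 in CA_DATA.findall(kubeconfig_text):
        prints |= pem_fingerprints(base64.b64decode(b64).decode("ascii"))
    return prints


def trusts_cluster_ca(kubeconfig_text, cluster_ca_pem):
    """True if the kubeconfig pins a CA the cluster currently uses."""
    return bool(kubeconfig_ca_fingerprints(kubeconfig_text)
                & pem_fingerprints(cluster_ca_pem))


# Constructed sample data: placeholder bytes stand in for DER certificates.
# That is enough for a fingerprint comparison; nothing here parses ASN.1.
OLD_CA = ssl.DER_cert_to_PEM_cert(b"constructed CA from before the reset")
NEW_CA = ssl.DER_cert_to_PEM_cert(b"constructed CA after re-initialising")


def make_kubeconfig(ca_pem):
    """Build a minimal constructed kubeconfig that embeds ca_pem."""
    data = base64.b64encode(ca_pem.encode("ascii")).decode("ascii")
    return ("apiVersion: v1\nkind: Config\nclusters:\n- cluster:\n"
            f"    certificate-authority-data: {data}\n"
            "    server: https://192.0.2.10:6443\n  name: kubernetes\n")


if __name__ == "__main__":
    # On a real kubeadm control plane, pass the text of ~/.kube/config and
    # /etc/kubernetes/pki/ca.crt (kubeadm's default CA path) instead.
    print("stale:", trusts_cluster_ca(make_kubeconfig(OLD_CA), NEW_CA))
    print("fresh:", trusts_cluster_ca(make_kubeconfig(NEW_CA), NEW_CA))
```

A `False` result means the client is pinning a CA the cluster no longer uses, which is consistent with the reset scenario in Solution 2; a kubeconfig that references a CA file via `certificate-authority:` instead of inline data is not covered by this sketch.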
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | |
Solution 2 | gxtaillon |