Closed alban closed 5 years ago
PR updated.
I made some progress: kube-mgmt now connects to the correct API server and it recognises its certificate. However, there is still something wrong with kube-mgmt client certificate, as the API server does not recognise it.
$ kubectl --kubeconfig=seed.kubeconfig -n shoot--core--$NAME exec -ti karydia-775f7579fd-5szx2 -c kube-mgmt -- ./kubectl -v 10 --kubeconfig=/var/lib/kube-mgmt/kubeconfig get pods
...
Response Body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}
The error in the API Server logs:
[x509: certificate signed by unknown authority, x509: certificate specifies an incompatible key usage]
PR updated.
TODO:
@schu updated
This fixes the scripts and the documentation to install karydia in the Gardener control plane.
This follows similar work in #36 Fixes https://github.com/kinvolk/karydia/issues/38