Configuration error? - Githubissues

databricks / click

The "Command Line Interactive Controller for Kubernetes"

Apache License 2.0

1.49k stars 84 forks source link

Configuration error? #21

Open zmsp opened 6 years ago

zmsp commented 6 years ago

Hello, all the commends return invalid certificate error. Would appreciate if you point out what I am missing. I am able to run all the Kubectl commands via the ~/.kube/config. Thanks.

[admin-cluster.local] [default] [none] > nodes
Hyper error: invalid certificate: InvalidReferenceNam

nicklan commented 6 years ago

Hrmm, seems like your certificate might be a bit odd. The WebPKI crate we use is very strict (I'd actually like to have it be less strict).

Do you have access to the public cert your apiserver is using for tls? If so, could you paste the output of openssl x509 -in [the-cert] -text -noout, but only the X509v3 extensions part (no need to make your cert more public).

If not, I can give you a bit more complex a set of commands to figure out what cert it's using.

CarstonSchilds commented 6 years ago

X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 Key Usage: 
                Digital Signature, Non Repudiation, Key Encipherment
            X509v3 Subject Alternative Name: 
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, DNS:node1, DNS:node2, IP Address:192.168.1.240, IP Address:192.168.1.240, IP Address:192.168.1.241, IP Address:192.168.1.241, IP Address:10.233.0.1, IP Address:127.0.0.1

ogre0403 commented 6 years ago

I have same issue. My openssl output is:

X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
            X509v3 Authority Key Identifier:

            X509v3 Subject Alternative Name:
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster, DNS:kubernetes.default.svc.cluster.local, IP Address:127.0.0.1, IP Address:192.168.2.31, IP Address:192.168.2.31, IP Address:10.68.0.1

juliohm1978 commented 6 years ago

Same issue here. Running click at the master node, using the default /root/.kube/config created when Kubernetes was installed by Kubespray.

[none] [none] [none] > context admin-cluster.local
[admin-cluster.local] [none] [none] > pods
Hyper error: invalid certificate: InvalidReferenceName
[admin-cluster.local] [none] [none] >

The same config works fine with kubectl.

$ kubectl get pods
NAME                                    READY     STATUS    RESTARTS   AGE
networker-deployment-75676fc5f5-jl9s8   1/1       Running   0          3d
stresscpu-769f4d99d6-mk8tp              1/1       Running   0          1d
stressmem-6d798d8884-m927w              1/1       Running   2          1d