tperelle
commented
2 years ago Replace ${KUBERNETES_PUBLIC_ADDRESS} by $KUBERNETES_PUBLIC_ADDRESS and it works
Open teaouu opened 2 years ago
tperelle
commented
2 years ago Replace ${KUBERNETES_PUBLIC_ADDRESS} by $KUBERNETES_PUBLIC_ADDRESS and it works
carise
commented
11 months ago I ran into this issue as well. I was able to fix it by doing the following
from this step, in the cfssl gencert step, change the hostnames to drop the brackets {} as @tperelle described, i.e.
hostname=10.32.0.1,10.240.0.10,10.240.0.11,10.240.0.12,$KUBERNETES_PUBLIC_ADDRESS,127.0.0.1,$KUBERNETES_HOSTNAMESscp the kubernetes*.pem to the controllers and within the controllers, move those pem to /var/lib/kubernetes/ as described in the controller/API server configuration
zatricky
commented
11 months ago What shell are you using that it isn't working? IIRC curly braces ({ and }) as variable delimiters is a POSIX feature. It is often suggested that you should include the braces in scripts (for example) for compatibility and to reduce ambiguity. 🤔🤷♂️
` curl -v --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. `
Anything that stands out? I don't seem to find this specific SSL error and can't find another issue here that talks about it.
TIA!