kelseyhightower / kubernetes-the-hard-way

Bootstrap Kubernetes the hard way. No scripts.
Apache License 2.0
41.26k stars 14.12k forks source link

cURL failed - Bootstrapping the Kubernetes Control Plane #704

Open teaouu opened 2 years ago

teaouu commented 2 years ago

` curl -v --cacert ca.pem https://${KUBERNETES_PUBLIC_ADDRESS}:6443/version

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. `

Anything that stands out? I don't seem to find this specific SSL error and can't find another issue here that talks about it.

TIA!

tperelle commented 2 years ago

Replace ${KUBERNETES_PUBLIC_ADDRESS} by $KUBERNETES_PUBLIC_ADDRESS and it works

carise commented 1 year ago

I ran into this issue as well. I was able to fix it by doing the following

from this step, in the cfssl gencert step, change the hostnames to drop the brackets {} as @tperelle described, i.e.

hostname=10.32.0.1,10.240.0.10,10.240.0.11,10.240.0.12,$KUBERNETES_PUBLIC_ADDRESS,127.0.0.1,$KUBERNETES_HOSTNAMES

scp the kubernetes*.pem to the controllers and within the controllers, move those pem to /var/lib/kubernetes/ as described in the controller/API server configuration

zatricky commented 1 year ago

What shell are you using that it isn't working? IIRC curly braces ({ and }) as variable delimiters is a POSIX feature. It is often suggested that you should include the braces in scripts (for example) for compatibility and to reduce ambiguity. 🤔🤷‍♂️