Open bensternlieb opened 3 months ago
Hi,
After setup on 3 RaspberryPIs, kubectl behaves as expected. However, python client code was failing with:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unsupported certificate purpose
This can be fixed by the following changes in ca.conf:
diff --git a/ca.conf b/ca.conf index eb17657..2cd028e 100644 --- a/ca.conf +++ b/ca.conf @@ -174,8 +174,7 @@ req_extensions = kube-api-server_req_extensions basicConstraints = CA:FALSE extendedKeyUsage = clientAuth, serverAuth keyUsage = critical, digitalSignature, keyEncipherment -nsCertType = client -nsComment = "Kube Scheduler Certificate" +nsComment = "Kube API Server Certificate"
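Review bot: the removed `nsCertType = client` line could have been changed to `client, server` instead, but dropping it is the cleaner fix, because the Netscape Cert Type extension is obsolete and `extendedKeyUsage = clientAuth, serverAuth` on the unchanged line above already declares both purposes. The `nsComment` change from "Kube Scheduler Certificate" to "Kube API Server Certificate" is a separate copy-paste correction and is worth calling out as such in the commit message. The hunk only edits the request extensions in ca.conf, so kube-api-server.crt has to be reissued from the new config before `openssl x509 -purpose` reports anything different.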
Handy to use the openssl command:
openssl x509 -in kube-api-server.crt -purpose -noout
Not sure if this is the right way to address this issue, and it's weird that kubectl doesn't barf, but now python code works as expected:
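The `openssl x509 -purpose` check from the post, reproduced as an added example that is not part of the original issue or the project's files: it issues constructed self-signed test certificates using the extension lines shown in the diff and returns OpenSSL's "SSL server" verdict with and without `nsCertType = client`. The function name, the CN and the temporary files are assumptions.

```shell
#!/bin/sh
# Added example: constructed throwaway certificates, not the cluster's real ones.
set -eu

# server_purpose EXTRA_LINE
# Issues a self-signed test cert whose extensions match the context lines of
# the diff, plus EXTRA_LINE, and prints OpenSSL's "SSL server" verdict (Yes/No).
server_purpose() (
  extra="$1"
  dir="$(mktemp -d)"
  trap 'rm -rf "$dir"' EXIT
  cat > "$dir/test.conf" <<EOF
[req]
distinguished_name = dn
[dn]
[ext]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth, serverAuth
keyUsage = critical, digitalSignature, keyEncipherment
$extra
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=kube-api-server.test" \
    -config "$dir/test.conf" -extensions ext \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
  # -purpose prints one "<purpose> : Yes|No" line per purpose.
  openssl x509 -in "$dir/cert.pem" -purpose -noout \
    | awk -F' : ' '$1 == "SSL server" { print $2 }'
)

# Before the change: the Netscape extension marks the cert client-only, so the
# server-purpose check fails even though extendedKeyUsage lists serverAuth.
echo "with nsCertType = client:    SSL server = $(server_purpose 'nsCertType = client')"
# After the change: no Netscape extension, extendedKeyUsage alone decides.
echo "without nsCertType:          SSL server = $(server_purpose '')"
```
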