search

khuedoan / homelab

Fully automated homelab from empty disk to running services with a single command.
https://homelab.khuedoan.com
GNU General Public License v3.0
7.9k stars 705 forks source link

Kubernetes cluster unreachable: x509: certificate signed by unknown authority #137

Closed danghung-dev closed 4 months ago

danghung-dev commented 4 months ago

Describe the bug

Kubernetes cluster unreachable: Get "https://10.86.101.237:6443/version?timeout=32s": x509: certificate signed by unknown authority

To reproduce

Steps to reproduce the behavior:

  1. make tools
  2. make configure
  3. make

Expected behavior

Install Cilium successful

Additional context

PLAY [Install Kubernetes addons] ****

TASK [Gathering Facts] ** task path: /Users/hung/Documents/work/projects/bonbon/devops/homelab/homelab/metal/cluster.yml:8 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: hung <127.0.0.1> EXEC /bin/sh -c 'echo ~hung && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /Users/hung/.ansible/tmp"&& mkdir "echo /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156" && echo ansible-tmp-1707405895.8739681-57683-170731144738156="echo /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156" ) && sleep 0' Using module file /opt/homebrew/Cellar/ansible/9.1.0/libexec/lib/python3.12/site-packages/ansible/modules/setup.py <127.0.0.1> PUT /Users/hung/.ansible/tmp/ansible-local-37939fn4uftby/tmporq7m4x3 TO /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156/AnsiballZ_setup.py <127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156/ /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156/AnsiballZ_setup.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c '/opt/homebrew/Cellar/ansible/9.1.0/libexec/bin/python /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156/AnsiballZ_setup.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /Users/hung/.ansible/tmp/ansible-tmp-1707405895.8739681-57683-170731144738156/ > /dev/null 2>&1 && sleep 0' ok: [localhost]

TASK [cilium : Install Cilium] ** task path: /Users/hung/Documents/work/projects/bonbon/devops/homelab/homelab/metal/roles/cilium/tasks/main.yml:1 <127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: hung <127.0.0.1> EXEC /bin/sh -c 'echo ~hung && sleep 0' <127.0.0.1> EXEC /bin/sh -c '( umask 77 && mkdir -p "echo /Users/hung/.ansible/tmp"&& mkdir "echo /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339" && echo ansible-tmp-1707405896.28049-59290-215381416397339="echo /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339" ) && sleep 0' Using module file /opt/homebrew/Cellar/ansible/9.1.0/libexec/lib/python3.12/site-packages/ansible_collections/kubernetes/core/plugins/modules/helm.py <127.0.0.1> PUT /Users/hung/.ansible/tmp/ansible-local-37939fn4uftby/tmppal4bew1 TO /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339/AnsiballZ_helm.py <127.0.0.1> EXEC /bin/sh -c 'chmod u+x /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339/ /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339/AnsiballZ_helm.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c '/opt/homebrew/Cellar/ansible/9.1.0/libexec/bin/python /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339/AnsiballZ_helm.py && sleep 0' <127.0.0.1> EXEC /bin/sh -c 'rm -f -r /Users/hung/.ansible/tmp/ansible-tmp-1707405896.28049-59290-215381416397339/ > /dev/null 2>&1 && sleep 0' fatal: [localhost]: FAILED! => { "changed": false, "command": "/opt/homebrew/bin/helm list --output=yaml --filter cilium", "invocation": { "module_args": { "api_key": null, "atomic": false, "binary_path": null, "ca_cert": null, "chart_ref": "cilium", "chart_repo_url": "https://helm.cilium.io", "chart_version": "1.15.0-rc.1", "context": null, "create_namespace": false, "dependency_update": false, "disable_hook": false, "force": false, "history_max": null, "host": null, "kubeconfig": null, "name": "cilium", "post_renderer": null, "purge": true, "release_name": "cilium", "release_namespace": "kube-system", "release_state": "present", "release_values": { "k8sServiceHost": "127.0.0.1", "k8sServicePort": 6444, "kubeProxyReplacement": true, "l2announcements": { "enabled": true }, "operator": { "replicas": 1 } }, "replace": false, "set_values": null, "skip_crds": false, "timeout": null, "update_repo_cache": false, "validate_certs": true, "values": { "k8sServiceHost": "127.0.0.1", "k8sServicePort": 6444, "kubeProxyReplacement": true, "l2announcements": { "enabled": true }, "operator": { "replicas": 1 } }, "values_files": [], "wait": false, "wait_timeout": null } } }

STDERR:

Error: Kubernetes cluster unreachable: Get "https://10.86.101.237:6443/version?timeout=32s": x509: certificate signed by unknown authority

MSG:

Failure when executing Helm command. Exited 1. stdout: stderr: Error: Kubernetes cluster unreachable: Get "https://10.86.101.237:6443/version?timeout=32s": x509: certificate signed by unknown authority

danghung-dev commented 4 months ago

Fix by disable firewall systemctl disable firewalld reboot