kind-ci / examples

Repository providing samples and testing for running sigs.k8s.io/kind on various CI services
https://sigs.k8s.io/kind
Apache License 2.0

Certificate is invalid for docker with v0.11.1 KIND #35

Open yidongw opened 2 years ago

yidongw commented 2 years ago

I was using the https://github.com/kind-ci/examples/blob/master/.gitlab-ci.yml, but with different versions.

    KUBECTL: v1.23.0
    KIND: v0.11.1

still works fine.

Starting from KIND: v0.12.0, Gitlab CI will give me the following error

    $ kubectl get nodes -o wide
    Unable to connect to the server: x509: certificate is valid for 582660598-control-plane, kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, localhost, not docker

How can I fix it?

frotsch commented 2 years ago

I have the same issue with v0.14.0 although I include the kubeadmConfigPatchesJSON6902 thing

    apiVersion: kind.x-k8s.io/v1alpha4
    kind: Cluster
    networking:
      apiServerAddress: "0.0.0.0"

    # add to the apiServer certSANs the name of the docker (dind) service in order to be able to reach the cluster through it
    kubeadmConfigPatchesJSON6902:
      - group: kubeadm.k8s.io
        version: v1beta2
        kind: ClusterConfiguration
        patch: |
          - op: add
            path: /apiServer/certSANs/-
            value: docker
    nodes:
      - role: control-plane
      - role: worker
      - role: worker

BenTheElder commented 2 years ago

You're hitting that with v0.14.0 because v1beta2 is no longer the current config version for kubeadm for that Kubernetes version in the default image in v0.14.0 of kind. You can just drop the version field in this case, since the field you're patching is stable across versions.

v0.11.1 has been a while, I don't recall what we changed to v0.12.0, but docker is not an expected hostname for the Kubernetes API cert under normal kind usage.

I don't have / use gitlab myself, but we accept PRs from users to update these.
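
The change suggested in the reply above, applied to the config posted earlier in the thread. This is an added example, not part of the original comments or of the kind-ci repository; only the `version` line is removed and comments are added.

```yaml
# Added example: the posted kind config with `version` dropped from the
# JSON 6902 patch target, as suggested in the reply above.
apiVersion: kind.x-k8s.io/v1alpha4
kind: Cluster
networking:
  # Publishes the API server port on all interfaces of the Docker host
  # (kind's default is 127.0.0.1), so use this only on disposable CI runners.
  apiServerAddress: "0.0.0.0"

# Add the name of the docker (dind) service to the API server certSANs so
# that TLS verification succeeds when kubectl connects through that name.
kubeadmConfigPatchesJSON6902:
  - group: kubeadm.k8s.io
    # No `version:` field here, so the patch is not pinned to v1beta2 or any
    # other single kubeadm config version.
    kind: ClusterConfiguration
    patch: |
      - op: add
        path: /apiServer/certSANs/-
        value: docker
nodes:
  - role: control-plane
  - role: worker
  - role: worker
```

With this SAN present, the name `docker` should appear in the "certificate is valid for" list, and kubectl can keep certificate verification enabled.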

yidongw commented 2 years ago

> You're hitting that with v0.14.0 because v1beta2 is no longer the current config version for kubeadm for that Kubernetes version in the default image in v0.14.0 of kind. You can just drop the version field in this case, since the field you're patching is stable across versions.
>
> v0.11.1 has been a while, I don't recall what we changed to v0.12.0, but docker is not an expected hostname for the Kubernetes API cert under normal kind usage.
>
> I don't have / use gitlab myself, but we accept PRs from users to update these.

If docker is not an expected hostname, what is?

What is the config that I can try in my gitlab?

dklimpel commented 1 year ago

My solution is: kubectl config set-cluster kind --insecure-skip-tls-verify=true

BenTheElder commented 1 year ago

> If docker is not an expected hostname, what is?

localhost, or the node name.