When we disable insecure port, calls to the API Server get x509 errors.
I0923 08:49:36.423555 1 round_trippers.go:424] curl -k -v -XGET -H "Accept: application/json, */*" -H "User-Agent: huawei-cloud-controller-manager/v0.0.0 (linux/amd64) kubernetes/$Format" 'https://192.168.0.199:6443/api/v1/secrets?limit=500&resourceVersion=0'
I0923 08:49:36.430818 1 round_trippers.go:444] GET https://192.168.0.199:6443/api/v1/secrets?limit=500&resourceVersion=0 in 7 milliseconds
I0923 08:49:36.430833 1 round_trippers.go:450] Response Headers:
E0923 08:49:36.430912 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.14/tools/cache/reflector.go:156: Failed to watch *v1.Secret: failed to list *v1.Secret: Get "https://192.168.0.199:6443/api/v1/secrets?limit=500&resourceVersion=0": x509: certificate signed by unknown authority
What you expected to happen:
The call should also succeed for services using certificates signed by unknown authorities.
Or provide an option for me to choose to skip verification.
How to reproduce it (as minimally and precisely as possible):
The k8s cluster API uses the https protocol, which happens when cloud-provider-huaweicloud is started.
Anything else we need to know?:
Environment:
Kubernetes version (use kubectl version): v1.19.16
What happened:
When we disable insecure port, calls to the API Server get x509 errors.
What you expected to happen:
The call should also succeed for services using certificates signed by unknown authorities. Or provide an option for me to choose to skip verification.
How to reproduce it (as minimally and precisely as possible):
The k8s cluster API uses the https protocol, which happens when cloud-provider-huaweicloud is started.
Anything else we need to know?:
Environment:
kubectl version
): v1.19.16https://github.com/kubernetes-sigs/cloud-provider-huaweicloud/issues/116#tasklist-block-a24cba8f-53c7-4721-b426-8137176c56ca