Closed johncleveland closed 2 years ago
Ran into this as well.
This is due to the security problems of auto-signing a server cert. See the "note" section here https://kubernetes.io/docs/reference/access-authn-authz/kubelet-tls-bootstrapping/#certificate-rotation
The fix is to create a manual key & certificate and store them in /var/lib/kubelet/pki/kubelet.crt and /var/lib/kubelet/pki/kubelet.key
Hi @johncleveland @codecio @simonc6372
We have now merged a major change to bring this to v1.24. This has been addressed as part of the upgrade. Please try it now and feel free to raise further issues.
Regarding worker-2, the idea is not to create manual certificates. With TLS bootstrapping, the cluster issues the certs to the new worker.
In 15-smoke-test.md, if I try
kubectl logs $POD_NAME
I get
Error from server: Get https://worker-2:10250/containerLogs/default/nginx-5c7588df-qnjb5/nginx: x509: certificate signed by unknown authority
There is a problem with the instructions for TLS Bootstrapping for worker node2.
Please advise, Thanks
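A way to confirm the cause of the x509 error discussed in this thread, as an added example that is not part of the original posts or the tutorial: when no serving certificate has been issued, kubelet falls back to a self-signed one, which does not chain to the cluster CA. The function names are hypothetical and every certificate is constructed test data generated on the fly with openssl.

```shell
#!/bin/sh
# Added example: classify a kubelet serving certificate against a CA file.
# classify_serving_cert CA_FILE CERT_FILE
# Prints: trusted | self-signed | unknown-issuer (non-zero exit unless trusted).
classify_serving_cert() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
    return 0
  fi
  # Not verifiable: tell a self-signed cert apart from one issued by another CA.
  subj_hash=$(openssl x509 -in "$2" -noout -subject_hash)
  iss_hash=$(openssl x509 -in "$2" -noout -issuer_hash)
  if [ "$subj_hash" = "$iss_hash" ]; then
    echo self-signed
  else
    echo unknown-issuer
  fi
  return 1
}

# make_constructed_certs DIR: writes constructed test material into DIR.
make_constructed_certs() {
  # Stand-in for the cluster CA (constructed, not a real cluster's CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-cluster-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # Stand-in for the self-signed fallback at /var/lib/kubelet/pki/kubelet.crt.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=worker-2" \
    -keyout "$1/self.key" -out "$1/self.crt" 2>/dev/null
  # Stand-in for a serving cert that the cluster CA actually signed.
  openssl req -newkey rsa:2048 -nodes \
    -subj "/O=system:nodes/CN=system:node:worker-2" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/srv.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_constructed_certs "$demo_dir"
echo "self-signed fallback: $(classify_serving_cert "$demo_dir/ca.crt" "$demo_dir/self.crt")"
echo "CA-issued cert:       $(classify_serving_cert "$demo_dir/ca.crt" "$demo_dir/srv.crt")"
rm -rf "$demo_dir"
```

On a worker, the same function can be pointed at the cluster's CA file and /var/lib/kubelet/pki/kubelet.crt; a `self-signed` result matches the error shown above.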