Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x509: certificate signed by unknown authority #196

Closed
charmingCh opened this issue Sep 22, 2023 · 0 comments
Closed

x509: certificate signed by unknown authority #196

charmingCh opened this issue Sep 22, 2023 · 0 comments

Comments

@charmingCh
Copy link

hi~
I'm trying this quick-start
I attempted to schedule pod to the arm64 cluster through the amd64 cluster.Task scheduling is fine, but k8s exec/logs cannot run properly.

Failed to load logs: Get "https://192.168.113.169:10250/containerLogs/odi/global-2-b89ls/c?tailLines=502&timestamps=true": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Reason: undefined (500)

amd64 cluster k8s version:v1.20.15-vke.13
arm64 cluster k3s version:v1.20.15+k3s1
cert-manager version:1.10.2
admiralty version:0.14.1
Operating Steps:
i.kubectl --context orin-dev -n odi create serviceaccount huoshan-bj-dev
ii.TOKEN=$(kubectl --context dev -n odi create token huoshan-bj-dev)
iii.

CONFIG=$(kubectl --context orin-dev config view \
    --minify --raw --output json | \
    jq '.users[0].user={token:"'$TOKEN'"} | .clusters[0].cluster.server="https://10.237.1.3:6443"')

iv.

kubectl --context dev -n odi create secret generic orin-dev \
    --from-literal=config="$CONFIG"

v.

cat <<EOF | kubectl --context dev -n odi apply -f -
apiVersion: multicluster.admiralty.io/v1alpha1
kind: Target
metadata:
  name: orin-dev
spec:
  kubeconfigSecret:
    name: orin-dev
EOF

vi.

cat <<EOF | kubectl --context orin-dev -n odi apply -f -
apiVersion: multicluster.admiralty.io/v1alpha1
kind: Source
metadata:
  name: huoshan-bj-dev
spec:
  serviceAccountName: huoshan-bj-dev
EOF

My token like this:

{
  "kind": "Config",
  "apiVersion": "v1",
  "preferences": {},
  "clusters": [
    {
      "name": "default",
      "cluster": {
        "server": "https://10.237.1.3:6443",
        "certificate-authority-data": "xxxxxxx"
      }
    }
  ],
  "users": [
    {
      "name": "default",
      "user": {
        "token": "xxxxxxx"
      }
    }
  ],
  "contexts": [
    {
      "name": "orin-dev",
      "context": {
        "cluster": "default",
        "user": "default"
      }
    }
  ],
  "current-context": "orin-dev"
}

I can schedule nodes over, but I cannot use the k8s API.
Is this in line with expectations?
What could have gone wrong?
Can you give me some suggestions for troubleshooting?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@charmingCh