kamel install: cannot find k8s-certificates

[k0pper]

Error

Installing camel-k on a minikube cluster worked completely fine. But on a real cluster (OnPrem) using the kamel intsall command gives me this error:

Error: cannot get current namespace: invalid configuration: unable to read certificate-authority certs/k8s-stage/k8s-ca.crt for k8s-stage due to open certs/k8s-stage/k8s-ca.crt: no such file or directory

Failed solutions

I checked my local certs. The k8s-ca.crt is present. I redownloaded it from the server which hosts the kubernetes cluster:
curl --create-dirs -s http://KUBERNETES-SERVER.com/ca.pem -o ${HOME}/.kube/certs/k8s-stage/k8s-ca.crt

Afterwards, I reconfigured kubectl to use the set certificate and the server

kubectl config set-cluster k8s-stage \
    --certificate-authority=${HOME}/.kube/certs/k8s-stage/k8s-ca.crt \
    --server=https://KUBERNETES-SERVER.com:6443

And still I get the error.

As I understood it, I need to give my kubectl client the certificate which is needed to interact with the kubernetes cluster. Strange enough, I can still interact with it and only kamel commands give me this error. I can still for instance list pods in the namespace.

Any ideas? Is there something I do not understand correctly?

[astefanutti]

This looks ok at first glance. The certificate should be loaded relative to the kubeconfig file path. Could you double check the KUBECONFIG environment variable, and confirm you run kubectl and kamel with the same user / environment?

Also, one thing to try would be to change the relative path with the corresponding absolute path, by edition the kubeconfig file directly.

[nicolaferraro]

Yeah, I've tried to follow your configuration and agree with @astefanutti, it seems kubectl and kamel are not using the same conf, because when they are they throw the same errors:

$ kubectl config set-cluster k8s-stage --certificate-authority=${HOME}/.kube/certs/k8s-stage/k8s-ca.crt --server=https://KUBERNETES-SERVER.com:6443
$ kubectl config set-credentials pippo --username=pippo --password=uXFGweU9
$ kubectl config set-context k8s-stage --cluster k8s-stage --user pippo
$ kubectl config use-context k8s-stage
$ kubectl config set-context --current --namespace default

$ kamel get
Error: cannot get command client: invalid configuration: unable to read certificate-authority /home/nferraro/.kube/certs/k8s-stage/k8s-ca.crt for k8s-stage due to open /home/nferraro/.kube/certs/k8s-stage/k8s-ca.crt: no such file or directory

# note the full certificate file path

# but I also have
$ kubectl get pod
error: unable to read certificate-authority /home/nferraro/.kube/certs/k8s-stage/k8s-ca.crt for k8s-stage due to open /home/nferraro/.kube/certs/k8s-stage/k8s-ca.crt: no such file or directory

# If I try to put a CRT (the one of google.com)
$ mkdir -p ~/.kube/certs/k8s-stage/
$ cp /tmp/k8s-ca.crt ~/.kube/certs/k8s-stage/

# Both accept the certificate and try to contact the (non-existent) cluster:

$ kubectl get pod
The connection to the server KUBERNETES-SERVER.com:6443 was refused - did you specify the right host or port?

$ kamel get
Unable to retrieve the operator version: Get "https://KUBERNETES-SERVER.com:6443/api?timeout=32s": dial tcp 127.0.0.1:6443: connect: connection refused
Error: Get "https://KUBERNETES-SERVER.com:6443/api?timeout=32s": dial tcp 127.0.0.1:6443: connect: connection refused

[k0pper]

This looks ok at first glance. The certificate should be loaded relative to the kubeconfig file path. Could you double check the KUBECONFIG environment variable, and confirm you run kubectl and kamel with the same user / environment?

Also, one thing to try would be to change the relative path with the corresponding absolute path, by edition the kubeconfig file directly.

The second part of your answer was the solution to my problem. I edited the config file at /Users/myuser/.kube/config and changed the relative path to the absolute one. I don't know why it can't find the relative path, even though the config file is at the same folder-level as the certs directory.