Help! k3s v0.7.0 generate userKey with ca, authenticate in failure #684
Comments
the generated file:

then I change the user credential to admin with username and password, this works fine:

Can you confirm that your ca.crt is consistent with apiserver's --client-ca-file?

We are using a separate server-ca and client-ca; it may be that the cluster certificate-authority-data needs to be the server-ca, while user client-certificate-data/key needs to be the generated cert/key signed by the client-ca cert/key.

thx. It works for me now:

The scripts and env I currently use:
ca1=client-ca

thx, resolved.

Same problem, created a script to help create a new client cert.

The problem is that the CA that should sign the certificates for the user is not the same as the server uses for its API.
Generate the key + certificate request
Sign the certificate

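The two steps described above (key + certificate request, then signing with the client CA), as an added example that is not code from this thread or from the k3s project. It builds two throwaway CAs as stand-ins for the cluster's server-ca and client-ca; every name and path in it is hypothetical, and it assumes a stock `openssl` with its default configuration file.

```shell
#!/bin/sh
# Added example. The two CAs are constructed samples standing in for the
# cluster's server-ca and client-ca; names and paths are hypothetical.
set -eu

WORK=$(mktemp -d)                # private (0700) scratch directory
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA key and certificate.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_user_cert CA USER GROUP: generate key + certificate request,
# then sign the request with CA. CN is the user name, O the group.
issue_user_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2/O=$3" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -out "$WORK/$2.crt" 2>/dev/null
}

# chains_to CA USER: succeeds only if USER's certificate verifies against CA.
chains_to() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca example-server-ca
make_ca example-client-ca
issue_user_cert example-client-ca alice example-group

# The API server checks client certificates against --client-ca-file, so
# the user certificate has to chain to the client CA, not the server CA.
chains_to example-client-ca alice && echo "alice verifies against client CA"
chains_to example-server-ca alice || echo "alice does not verify against server CA"

# In the kubeconfig, certificate-authority-data stays the server CA, while
# client-certificate-data / client-key-data are alice.crt / alice.key.
```

Running the same `openssl verify` check against the CA file the API server is actually started with is a quick way to confirm which CA a rejected user certificate was signed by.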
Thank you for the explanation! Two questions:

I generated a userKey by ca, with cluster-admin rbac permission.
but got this:
k3s server's log:
my userKey generate scripts: