kiranchavala opened a new issue, #11579: URL: https://github.com/apache/cloudstack/issues/11579
### problem Kubeconfig generated by the CKS has SSL issues ### versions ACS 4.20.x ### The steps to reproduce the bug 1. Register a kubernetes ISO https://download.cloudstack.org/cks/setup-v1.33.1-calico-x86_64.iso 2. Deploy a CKS cluster with the above k8s version 3. Get the kube config 4. Connect to the k8s cluster with kubeconfig ``` [root@ref-trl-9330-k-Mol8-kiran-chavala-mgmt1 ~]# kubectl get nodes E0826 08:38:22.972280 24772 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://10.0.54.63:6443/api?timeout=32s\": tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.88, not 10.0.54.63" E0826 08:38:22.983236 24772 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://10.0.54.63:6443/api?timeout=32s\": tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.88, not 10.0.54.63" E0826 08:38:22.993498 24772 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://10.0.54.63:6443/api?timeout=32s\": tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.88, not 10.0.54.63" E0826 08:38:23.006959 24772 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://10.0.54.63:6443/api?timeout=32s\": tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.88, not 10.0.54.63" E0826 08:38:23.017774 24772 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://10.0.54.63:6443/api?timeout=32s\": tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.88, not 10.0.54.63" Unable to connect to the server: tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.88, not 10.0.54.63 ``` ``` kubectl get nodes --v=8 I0904 14:20:46.471420 42826 loader.go:402] Config loaded from file: /Users/kiranchavala/.kube/config I0904 14:20:46.472904 42826 envvar.go:172] "Feature gate default state" feature="ClientsAllowCBOR" enabled=false I0904 14:20:46.472922 42826 envvar.go:172] "Feature gate default state" feature="ClientsPreferCBOR" enabled=false I0904 14:20:46.472927 42826 envvar.go:172] "Feature gate default state" feature="InformerResourceVersion" enabled=false I0904 14:20:46.472934 42826 envvar.go:172] "Feature gate default state" feature="WatchListClient" enabled=false I0904 14:20:46.479120 42826 helper.go:113] "Request Body" body="" I0904 14:20:46.479944 42826 round_trippers.go:470] GET https://10.0.57.147:6443/api/v1/nodes?limit=500 I0904 14:20:46.479950 42826 round_trippers.go:476] Request Headers: I0904 14:20:46.479956 42826 round_trippers.go:480] Accept: application/json;as=Table;v=v1;g=meta.k8s.io,application/json;as=Table;v=v1beta1;g=meta.k8s.io,application/json I0904 14:20:46.479959 42826 round_trippers.go:480] User-Agent: kubectl/v1.32.1 (darwin/arm64) kubernetes/e9c9be4 I0904 14:20:46.899083 42826 round_trippers.go:581] Response Status: in 419 milliseconds I0904 14:20:46.899138 42826 round_trippers.go:584] Response Headers: I0904 14:20:46.899396 42826 helpers.go:264] Connection error: Get https://10.0.57.147:6443/api/v1/nodes?limit=500: tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.93, not 10.0.57.147 Unable to connect to the server: tls: failed to verify certificate: x509: certificate is valid for 10.96.0.1, 10.1.1.93, not 10.0.57.147 ``` Workaround Pass the following flag kubectl --insecure-skip-tls-verify=true ### What to do about it? End user should be able to connect to the cluster without passing any flag This issue was not present earlier -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
