What does `kubectl get endpoints kubernetes` show in your case ? -Mayur
On Thu, May 10, 2018 at 2:28 AM, Vinita <vjo...@etouch.net> wrote: > Hi Alan, > > Thanks for your reply. I tried your workaround but the certificate is not > valid for master's internal IP address. I get below error - > Unable to connect to the server: x509: certificate is valid for > 35.224.109.130, 10.118.16.1, 172.16.0.2, not 172.16.0.3Thanks, > Vinita > > On Wednesday, May 9, 2018 at 12:03:19 PM UTC-7, Alan Grosskurth wrote: >> >> Hi Vinita, >> >> I believe the problem is that currently "gcloud container clusters >> get-credentials" always writes the master's external IP address to >> ~/.kube/config. So kubectl always talks to that external IP address (via >> the external IP address of the VM it's running on). >> >> You should be able to modify ~/.kube/config on your VM to tell kubectl to >> talk to the master's internal IP address. >> >> First, find the endpoint resource containing the master's internal IP >> address. For example: >> >> $ kubectl get endpoints kubernetes >> NAME ENDPOINTS AGE >> kubernetes 172.16.0.1:443 1d >> >> Then open ~/.kube/config and find the section for your cluster. For >> example: >> >> apiVersion: v1 >> clusters: >> - cluster: >> certificate-authority-data: REDACTED >> server: https://104.198.205.71 >> name: gke_myproject_us-central1-c_mycluster >> >> Replace the external address (https://104.198.205.71) with the internal >> address (https://172.16.0.1). The kubectl command should now work, >> provided Master Authorized Networks allows access from the VM's internal IP >> address. Note that all of these IP addresses will be different depending on >> your environment. >> >> Let me know if this helps. I agree this isn't very straightforward---I'm >> looking into potential ways this setup could be improved. >> >> Thanks, >> >> ---Alan >> >> On Tue, May 8, 2018 at 12:01 PM Vinita <vjo...@etouch.net> wrote: >> >>> I have created a private cluster and VM in the same network. I added >>> VM's internal IP in private cluster's master authorized network. From VM, >>> after obtaining cluster credentials, I am not able to execute kubectl >>> commands. However, if I add VM's external IP to master authorized network >>> I am able to execute kubectl commands. This behavior is not consistent with >>> the documentation. Not sure if I am missing something here. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Kubernetes user discussion and Q&A" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to kubernetes-use...@googlegroups.com. >>> To post to this group, send email to kubernet...@googlegroups.com. >>> Visit this group at https://groups.google.com/group/kubernetes-users. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > You received this message because you are subscribed to the Google Groups > "Kubernetes user discussion and Q&A" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to kubernetes-users+unsubscr...@googlegroups.com. > To post to this group, send email to kubernetes-users@googlegroups.com. > Visit this group at https://groups.google.com/group/kubernetes-users. > For more options, visit https://groups.google.com/d/optout. > -- Thanks, Mayur -- You received this message because you are subscribed to the Google Groups "Kubernetes user discussion and Q&A" group. To unsubscribe from this group and stop receiving emails from it, send an email to kubernetes-users+unsubscr...@googlegroups.com. To post to this group, send email to kubernetes-users@googlegroups.com. Visit this group at https://groups.google.com/group/kubernetes-users. For more options, visit https://groups.google.com/d/optout.