kubectl unable to connect to server: x509: certificate signed by unknown authority
I faced the kubernetes error kubectl unable to connect to server: x509: certificate signed by unknown authority while I was trying to setup Anthos Service Mesh and enable automatic sidecar injection.
kubectl unable to connect to server: x509: certificate signed by unknown authority
I got the above error when I was trying to enable auto-injection for sidecar proxies. To enable auto-injection, I had to add a revision label tp the project’s namespace. Therefore, I ran the following kubectl command.
$ kubectl -n istio-system get pods -l app=istiod --show-labels
The above command is used to locate the revision label of istiod. But I got the following error after running the above command.
$ kubectl -n istio-system get pods -l app=istiod --show-labels kubectl unable to connect to server: x509: certificate signed by unknown authority
Troubleshooting
First thing that I had check is my kubectl config entries using the following command.
$ kubectl config view
Everything seems to be fine with respect to the entries. And while I was installing Anthos Service Mesh, by default Mesh CA was enabled and it is the defailt CA for ASM installs. Therefore, the entries or configuration related to certificates were correct.
I figured out that, while enabling auto-injection, I forgot to set the current-context for kubectl from the command line. You need to set the current-context for the kubectl by running the following command.
$ gcloud container clusters get-credentials CLUSTER_NAME \
--project=PROJECT_ID
For example,
$ gcloud container clusters get-credentials cluster-1 --zone us-east1-c --project sneppets21
After setting the current-context I tried to run the following command again to locate revision label of istiod.
$ kubectl -n istio-system get pods -l app=istiod --show-labels NAME READY STATUS RESTARTS AGE LABELS istiod-asm-191-1-86ccfd8654-fdw4z 1/1 Running 0 4h app=istiod,install.operator.istio.io/owning-resource=unknown,istio.io/rev=asm-191-1,istio=istiod,operator.istio.io/component=Pilot,pod-template-hash=86ccfd8654,sidecar.istio.io/inject=false istiod-asm-191-1-86ccfd8654-mzcts 1/1 Running 0 4h app=istiod,install.operator.istio.io/owning-resource=unknown,istio.io/rev=asm-191-1,istio=istiod,operator.istio.io/component=Pilot,pod-template-hash=86ccfd8654,sidecar.istio.io/inject=false
Ah! the kubernetes error kubectl unable to connect to server: x509: certificate signed by unknown authority has gone away now.
Therefore, in my case the above error was due to not setting the current-context for kubectl.
Hope this solution will help some who might be facing similar issue in the GCP 🙂
- How to Explore Docker Container’s File System ?
- Docker EXPOSE Port only to the Host on Google Cloud
- Get Docker Container’s IP Address from the Host
- Copy Files between Host and Docker Container
- What is ImagePullBackOff status on a Kubernetes pod ?
- Set or change root password in Ubuntu Linux
- How to list all Containers running in Kubernetes Pod ?
- How to find which users belongs to a specific group in linux
- Give write permissions for specific user or group for specific folder in linux
- How to remove an image tag from docker hub ?
- Build a Docker Image with a Dockerfile and Cloud Build in GCP?
- How to create GCP project on Google Cloud Platform
- MariaDB – How to set max_connections permanently ?
- Create GCP project on Google Cloud Platform
- Is it possible to change Google Cloud Platform Project ID ?
- Create non-root SSH user account and provide access to specific folders
- Delete docker repository from the docker hub
- Unable to connect to the server: dial tcp i/o timeout