You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By default, with the installation of a Windows node a self-signed kubelet.crt is created.
Currently, there's two issues with the certificate that's created.
It does not include any IP SANs
Because it's self-signed, the certificate authority is not trusted.
This breaks functionality related to "kubectl exec" and "kubectl logs" when accessing resources on a Windows node.
The introduction of "--kubelet-certificate-authority=${SNAP_DATA}/certs/ca.crt" flag by default enables the validation of the certificates which causes all of these new issues.
As a workaround, either the certificate on the windows node needs to be created manually and signed by the control plane certificate or
the line "--kubelet-certificate-authority=${SNAP_DATA}/certs/ca.crt" can be removed from "/var/snap/microk8s/current/args/kube-apiserver"
The text was updated successfully, but these errors were encountered:
It would be useful if the Windows worker nodes was updated to include instructions for generating that certificate for worker nodes, such that kubelet proxy calls are trusted.
microk8s/microk8s-resources/default-args/kube-apiserver
Line 30 in 66176f2
By default, with the installation of a Windows node a self-signed kubelet.crt is created.
Currently, there's two issues with the certificate that's created.
This breaks functionality related to "kubectl exec" and "kubectl logs" when accessing resources on a Windows node.
The introduction of "--kubelet-certificate-authority=${SNAP_DATA}/certs/ca.crt" flag by default enables the validation of the certificates which causes all of these new issues.
As a workaround, either the certificate on the windows node needs to be created manually and signed by the control plane certificate or
the line "--kubelet-certificate-authority=${SNAP_DATA}/certs/ca.crt" can be removed from "/var/snap/microk8s/current/args/kube-apiserver"
The text was updated successfully, but these errors were encountered: