Accessing microk8s API for cluster behind router

I have a microk8s cluster composed of several Raspberry Pi 4, behind a Linksys router.

My computer and the cluster router are connected on my ISP router, and are respectively &
The cluster’s subnet is composed of the following :

  • router :
  • microk8s master : (fixed IP)
  • microk8s workers : (via DHCP).

I can ssh from my computer to the master via a port forwarding >

I can nmap the cluster via a port forwarding > (16443 being the API port for microk3s)

But I can’t call the k8s API :

kubectl cluster-info


Unable to connect to the server: x509: certificate is valid for,,, fc00::16d, fc00::dea6:32ff:fecc:a007, not

I’ve tried using the --insecure-skip-tls-verify, but :

error: You must be logged in to the server (Unauthorized)

My local (laptop) config is the following :

> kubectl config view
apiVersion: v1
- cluster:
    certificate-authority-data: DATA+OMITTED
  name: default
- context:
    cluster: default
    user: default
  name: default
current-context: default
kind: Config
preferences: {}
- name: default
    client-certificate-data: REDACTED
    client-key-data: REDACTED

I’d say I’d like to add to the certificate, but all the answers I can find online refer to the --insecure-skip-tls-verify flag.

Can you help please ?

On the main node (i.e. and go to the file /var/snap/microk8s/current/certs/csr.conf.template

Add another IP.99 just before the #MOREIPS.
You will need to get the new kubeconfig again.

Btw i don’t recommend using dhcp on any kubernetes nodes.

Thanks for your reply @balchua1 !

  • I’ve added IP.99 = in the [ alt_names ] section from /var/snap/microk8s/current/certs/csr.conf.template.
  • I’ve stopped and restart microk3s, and refresh-certs
  • I’ve copied the keys from ~/kubeconfig from the master onto my local kubeconfig

I now have the following error.

Unable to connect to the server: x509: certificate signed by unknown authority

Trying with the --insecure-skip-tls-verify flag :

> kubectl cluster-info --insecure-skip-tls-verify

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
error: You must be logged in to the server (Unauthorized)