I am looking to run kubectl comamnds using github actions, but seem to have an issue. This issue is the cert generated using microk8s config > config. It seems to only work on my local network. Here is the error:
Unable to connect to the server: x509: certificate is valid for 127.0.0.1, *.*.*.*, *.*.*.*, *.*.*.*, *.*.*.*, *.*.*.*, not *.*.*.*
IP addresses have been removed.
Thoughts on how to fix?
Is your node accessible from the internet via its IP? Or via some DNS?
If via some IP that is not defined in the node’s network interface, you can go to the file /var/snap/microk8s/current/certs/csr.conf.template and add something like this before the #MOREIPS.
IP.99=<your public ip>
And if it is DNS, do the same on the file, but instead of adding IP.99 add DNS.99.
i am choosing 99 just to be sure it doesn’t clash with the keys of your network interfaces ips.
Yes, I can kubectrl with insecure-skip-tls-verify: true from outside my network using IP.
When I do the method you are suggesting do I need to refresh the certs or anything, or does it just work?
EDIT: It just works after the node automatically generates a new cert
It will automatically recreate the certs and restart the apiserver.