Kube-apiserver https Unauthorized

Jun_Zhang · July 10, 2018, 7:44am

Hi, guys! I create admin cert use following commands:

cd /opt/k8s/cert
cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "BeiJing",
      "L": "BeiJing",
      "O": "system:masters",
      "OU": "4Paradigm"
    }
  ]
}
EOF
cfssl gencert -ca=/etc/kubernetes/cert/ca.pem \
  -ca-key=/etc/kubernetes/cert/ca-key.pem \
  -config=/etc/kubernetes/cert/ca-config.json \
  -profile=kubernetes admin-csr.json | cfssljson -bare admin

then I use them to curl kube-apiserver https port, it failed with Unauthorized:

$ curl  --cacert /etc/kubernetes/cert/ca.pem --cert  admin.pem  --key admin-key.pem https://172.27.132.65:6443
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}

Anyone can help?

Topic		Replies	Views
User authentication failing General Discussions	2	2447	January 2, 2021
Kubectl fail all commands - forbidden General Discussions	3	2242	November 3, 2019
Error: failed to create secret Post "https://192.168.1.2:6443/api/v1/namespaces/default/secrets?fieldManager=kubectl-create&fieldValidation=Strict": tls: failed to verify certificate: x509: certificate signed by unknown authority General Discussions development	1	3047	February 4, 2024
A kubeconfig file "/etc/kubernetes/admin.conf" exists already but has got the wrong API Server URL General Discussions	0	3978	December 13, 2018
Apiserver ssl certificate re-installation General Discussions	0	892	November 28, 2019

Kube-apiserver https Unauthorized

Related topics