Tls: failed to verify certificate: x509: certificate signed by unknown authority" node="master-node"

General Discussions
, ,
1

I am trying to create multi master with single load balancer in k8s.
The load balancer is nginx with ssl, I am using cert boat to create certificate and it is showing all the certificate is there in it.
while trying to initialize the init command in the k8s server with --control-plane-endpoint as nginx server domain.

$ sudo kubeadm init --control-plane-endpoint=my.domain.com:443 --upload-certs --apiserver-advertise-address=172.31.40.245 --pod-network-cidr 10.244.0.0/16.

iam getting this error
“Apr 18 07:26:58 master-node kubelet[34761]: E0418 07:26:58.656108 34761 kubelet_node_status.go:96] “Unable to register node with API server” err=“Post “[https://my.domain.com:443/api/v1/nodes\](https://my.domain.com/api/v1/nodes\)”: tls: failed to verify certificate: x509: certificate signed by unknown authority” node=“master-node””.

version.
Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3

nginx version: nginx/1.18.0 (Ubuntu).

Tried adding the certificates to k8s folder “/etc/kubernetes/pki/”
issue is same.

I am attaching the nginx.conf also.

upstream backend_servers {
server :6443;
server :6443;

}

ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

location / {
# Use the load balancer for proxying requests to backend servers
proxy_pass https://backend_servers;

# Proxy settings
proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;

}

1 Like
2

I get the same issue, have you fixed it?