Comments (1)
brandond
commented on July 24, 2024
--tls-san is not a valid agent flag, nor does it affect the kubelet's serving certificate. That flag only affects the TLS SANs on the supervisor/apiserver certifcate. The kubelet's serving certificate is only valid for a specific list of things: the node's hostname, the node's private IP, and the node's external IP. There is intentionally not any way to inject additional addresses that the kubelet's serving certificate is valid for.
E0618 19:47:32.196663 14962 memcache.go:265] couldn't get current server API group list: Get "https://192.168.0.102:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, 192.168.0.52, not 192.168.0.102
I therefore check /var/lib/rancher/k3s/agent/serving-kubelet.crt
Why are you looking at the kubelet's certificate? That is for the kubelet, which listens on port 10250. That has nothing to do with the supervisor/apiserver certificate that is present on port 6443.
from k3s.
Related Issues (20)
- Procedure for changing server one of a etcd cluster HOT 2
- Etcd bootstrap conflict HOT 1
- Issue with Embedded Registry Mirror Usage HOT 4
- Validate SUSE Liberty Linux 8.9 HOT 1
- Enhance install script to support Suse Liberty Linux HOT 2
- Add etcd snapshot s3 config secret support
- Multiple simultaneous snapshots result in silent failure and/or corruption of at least one snapshot HOT 2
- [Release-1.29] - Multiple simultaneous snapshots result in silent failure and/or corruption of at least one snapshot HOT 1
- [Release-1.28] - Multiple simultaneous snapshots result in silent failure and/or corruption of at least one snapshot HOT 1
- [Release-1.27] - Multiple simultaneous snapshots result in silent failure and/or corruption of at least one snapshot HOT 1
- kubectl logs selectively timing out based on the host CIDR range HOT 4
- v1.30.2-rc3 Images missing HOT 4
- rpm.rancher.io RHEL 9 packages missing/removed HOT 3
- k3s crashes completely with "Observed a panic: "integer divide by zero"" HOT 10
- Allow configuration of Rootlesskit's CopyUpDirs through an environment variable
- Embedded registry mirror pulling failed
- Snapshot option discrepancy with --etcd-snapshot-name
- Support for dynamic ports all the way up to 65535.
- How can I stop k3s apiserver listening {IP}:6443/static/charts directory? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k3s.