Comments (1)
brandond
commented on July 24, 2024
--tls-san is not a valid agent flag, nor does it affect the kubelet's serving certificate. That flag only affects the TLS SANs on the supervisor/apiserver certifcate. The kubelet's serving certificate is only valid for a specific list of things: the node's hostname, the node's private IP, and the node's external IP. There is intentionally not any way to inject additional addresses that the kubelet's serving certificate is valid for.
E0618 19:47:32.196663 14962 memcache.go:265] couldn't get current server API group list: Get "https://192.168.0.102:6443/api?timeout=32s": tls: failed to verify certificate: x509: certificate is valid for 127.0.0.1, 192.168.0.52, not 192.168.0.102
I therefore check /var/lib/rancher/k3s/agent/serving-kubelet.crt
Why are you looking at the kubelet's certificate? That is for the kubelet, which listens on port 10250. That has nothing to do with the supervisor/apiserver certificate that is present on port 6443.
from k3s.
Related Issues (20)
- [Release-1.28] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- [Release-1.27] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- kube-proxy with ipvs and lc does not work as expected (perhaps a conflict with flannel rules) HOT 3
- [Release-1.30] - Agent loadbalancer may deadlock when servers are removed
- [Release-1.30] - `k3s etcd-snapshot` commands run against server specified in config file, instead of local server HOT 1
- Update the Traefik chart HOT 1
- Respect XDG base directory HOT 3
- Install script fails without sudo due to missing $SUDO prefix in transactional-update commands
- Logging of kube-scheduler HOT 5
- NVIDIA GPU detection doesn't work with all the drivers & toolkits installed HOT 2
- Containerd not installed by startup script - invalid capacity 0 on image filesystem warning when starting k3s node HOT 3
- SyncLoadBalancerFailed when using a very long (yet valid) service name
- "Section 3 Control Plane Configuration" in CIS Kubernetes Benchmark v1.8.0 is not applicable for K3s hardening ?
- K3s Multus + Whereabouts doesn't work
- v1.30.2+k3s2: 502 bad gateway when trying to get pod logs HOT 2
- Certificate rotation has no affect on client if server directory is present HOT 1
- Allow duplication of keys in containerd config.toml.tmpl HOT 3
- k3s AWS Credential support
- Critical and high CVEs in Docker images HOT 4
- Bump helm and plugins in klipper-helm image
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k3s.