0

I have seen a couple of solutions for this, all mention just to run gcloud auth login and gcloud container clusters get-credentials ..., but I still get the error.

Eg., if I run kubectl version, I get:

Client Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.11-dispatcher", GitCommit:"f2a77f678d6baccda27740d700f6cba2754dfacf", GitTreeState:"clean", BuildDate:"2020-04-21T04:42:07Z", GoVersion:"go1.12.17", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate signed by unknown authority

I have installed gcloud SDK using these instructions: https://cloud.google.com/sdk/docs/downloads-versioned-archives (tried other instructions, but the outcome was same ...)

Cluster is not private so it doesn't need this: https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-access-for-kubectl#internal_ip

I have installed kubectl with gcloud components install kubectl and when running which kubectl I confirmed that correct one is called:

/home/ajuric/google-cloud-sdk/bin/kubectl

Of course, if I use kubectl from the Cloud Shell, everything works, but I need to use kubectl from my local machine.

Antonio Jurić
  • 541
  • 4
  • 15
  • Possibly related to https://github.com/kubernetes/kubectl/issues/823 and https://github.com/kubernetes/kops/issues/964 – sllopis Jun 18 '20 at 13:53
  • Thanks for fast hints! I have tried the suggested workarounds, but it didn't help. When I use `--insecure-skip-tls-verify=true`, I get `Unable to connect to the server: EOF` – Antonio Jurić Jun 18 '20 at 14:09
  • Maybe something on the GKE side needs to be adjusted to allow the remote (from local machine) kubectl connection ...? But didn't find any mention of it ... – Antonio Jurić Jun 18 '20 at 14:30
  • 1
    Have you already created a cluster? After creating your cluster, you will need to get authentication credentials to interact with the cluster. Please follow the [documentation - quickstart](https://cloud.google.com/kubernetes-engine/docs/quickstart#local-shell) and [documentation - k8s](https://kubernetes.io/docs/tasks/tools/install-kubectl/#verifying-kubectl-configuration) and let me know about the results. – sllopis Jun 18 '20 at 14:50
  • Yes, the cluster is created and heavily used already ... Since I had problems with using kubectl from the remote machine, I was using it from the Cloud Shell. But now I got to the point where I need to use it also on the local machine ... I will try to create the new cluster using those instructions and report back here, even though I think I already did that some time ago and the result was the same ... – Antonio Jurić Jun 18 '20 at 14:59
  • And yes, as mentioned in the question, I did fetch the authentication credentials using `gcloud container clusters get-credentials ...` – Antonio Jurić Jun 18 '20 at 15:00
  • if you perform gcloud auth list in the shell and on your local machine, do you see the same user? The error message is usually because the current user does not have sufficient permissions to pull the right config. – Patrick W Jun 18 '20 at 20:34
  • Also, compare the ~/.kube/config from the cloud shell environment to the one on your local machine, they should be the same. If not, copy the config from the cloud shell to your local machine – Patrick W Jun 18 '20 at 20:35
  • @Patrick, Yes, I already tried copying config from cloud shell because they did differ, but the error was the same. I forgot to mention it ... – Antonio Jurić Jun 18 '20 at 20:51
  • About the gcloud auth list - I need to try it when I get to the laptop ... – Antonio Jurić Jun 18 '20 at 20:53
  • Please try the things that we mentioned out and report back once you have the results. My hunch at this point is that there might be a misconfiguration. – sllopis Jun 19 '20 at 08:18
  • I have inspected the output from `gcloud auth list`: the user is the same on the local machine and in the cloud shell. Also, I have checked the .kube/config: both local and cloud shell are the same. – Antonio Jurić Jun 19 '20 at 09:28
  • You can explore this solution [link](https://stackoverflow.com/a/57701551/11198184) – Mahboob Jul 03 '20 at 20:13

0 Answers0