Hi, I'm running into issues trying to access my Kubernetes cluster hosted using Google Container Engine. I want to use kubectl from an external/remote server (Circle CI). I have gcloud and kubectl installed and I can access my cluster insecurely using:
kubectl get pods --server="https://ENDPOINT_IP" --username="USERNAME" --password="PASSWORD" --insecure-skip-tls-verify=true
I want to be able to access it securely using the certificate provided in the 'show credentials' page at the gcloud container cluster overview. So I have created a ca.crt with this certificate string in it and passed it via the --certificate-authority flag, but I am getting an error:
error: couldn't read version from server: Get https://ENDPOINT_IP: x509: certificate signed by unknown authority
How can I get my certificate signed?
Many thanks, Andy
Best Answer
If you have gcloud installed, you should be able to run
gcloud container clusters get-credentials NAME
which will grab the client credentials that allow kubectl to securely connect to your hosted apiserver. It will include the cluster's ca.crt (to authenticate the server endpoint) and a client certificate (used for authentication instead of the password). The credentials will be stored in a "kubeconfig" file (by default located in ~/.kube/config), which is also the location that kubectl will try to load credentials from by default.
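
A check a CI job could run after that command, as an added example that is not part of the original answer: it confirms the resulting kubeconfig carries a CA for every cluster and never sets insecure-skip-tls-verify. The function names and the one-key-per-line parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer): audit the kubeconfig that
# `gcloud container clusters get-credentials NAME` writes, before CI uses it.
# Assumption: one key per line, unquoted values, as in a generated kubeconfig.

# ca_blobs FILE: print each base64 certificate-authority-data value.
ca_blobs() {
    sed -nE 's/^[[:space:]-]*certificate-authority-data:[[:space:]]*//p' "$1"
}

# audit_kubeconfig [FILE]: return 0 only if every cluster is checked against a CA.
audit_kubeconfig() {
    cfg="${1:-$HOME/.kube/config}"
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # A cluster entry that disables verification fails the audit outright.
    if grep -Eq '^[[:space:]-]*insecure-skip-tls-verify:[[:space:]]*true' "$cfg"; then
        echo "FAIL: insecure-skip-tls-verify is enabled" >&2
        return 1
    fi

    # Heuristic: every server: line needs a CA (inline data or a file path).
    servers=$(grep -Ec '^[[:space:]-]*server:' "$cfg" || true)
    cas=$(grep -Ec '^[[:space:]-]*certificate-authority(-data)?:' "$cfg" || true)
    if [ "$servers" -eq 0 ] || [ "$cas" -lt "$servers" ]; then
        echo "FAIL: $servers server(s) but $cas CA entry(ies)" >&2
        return 1
    fi

    # Inline CA data must be base64 that decodes to a PEM certificate.
    for blob in $(ca_blobs "$cfg"); do
        if ! printf '%s' "$blob" | base64 -d 2>/dev/null |
                grep -q -- '-----BEGIN CERTIFICATE-----'; then
            echo "FAIL: certificate-authority-data is not base64 PEM" >&2
            return 1
        fi
    done
    echo "OK: $servers cluster(s) verified against a CA"
}

# extract_ca FILE OUT: write the first cluster's CA as PEM, the form the
# --certificate-authority flag reads.
extract_ca() {
    ca_blobs "$1" | head -n 1 | base64 -d > "$2"
}
```

In a CI step, call audit_kubeconfig right after get-credentials and fail the job on a non-zero status.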