Accessing kubernetes (hosted via google container engine) securely using kubectl from a remote server

Tags: google-kubernetes-engine, kubernetes

Hi, I'm running into issues trying to access my Kubernetes cluster hosted using Google Container Engine. I want to use kubectl from an external/remote server (Circle CI). I have gcloud and kubectl installed, and I can access my cluster insecurely using:

kubectl get pods --server="https://ENDPOINT_IP" --username="USERNAME" --password="PASSWORD" --insecure-skip-tls-verify=true

I want to be able to access it securely using the certificate provided in the 'show credentials' page at the gcloud container cluster overview. So I have created a ca.crt with this certificate string in it and passed it via the --certificate-authority flag, but I am getting an error:

error: couldn't read version from server: Get https://ENDPOINT_IP: x509: certificate signed by unknown authority

How can I get my certificate signed?

Many thanks, Andy

Best Answer

If you have gcloud installed, you should be able to run gcloud container clusters get-credentials NAME, which will grab the client credentials that allow kubectl to securely connect to your hosted apiserver. It will include the cluster's ca.crt (to authenticate the server endpoint) and a client certificate (used for authentication instead of the password). The credentials will be stored in a "kubeconfig" file (by default located in ~/.kube/config, which is also the location that kubectl will try to load credentials from by default).
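
A check a CI job could run once the kubeconfig is in place, as an added example that is not part of the original question or answer: it audits the JSON printed by `kubectl config view --raw -o json` for the settings discussed above (disabled TLS verification, a missing or wrongly encoded cluster CA, a stored password). The function names and the sample kubeconfigs are constructed for illustration.

```python
import base64
import json

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def _is_b64_pem(value):
    """True if value base64-decodes to PEM certificate text."""
    try:
        return PEM_MARKER in base64.b64decode(value, validate=True)
    except (ValueError, TypeError):
        return False

def audit_kubeconfig(config_json):
    """Return a list of findings for a kubeconfig given as JSON text."""
    cfg = json.loads(config_json)
    findings = []
    for entry in cfg.get("clusters") or []:
        name, c = entry["name"], entry.get("cluster") or {}
        if c.get("insecure-skip-tls-verify"):
            findings.append(f"cluster {name}: TLS verification is disabled")
        ca_data = c.get("certificate-authority-data")
        if ca_data is not None:
            # kubeconfig stores the CA inline as base64 of the PEM, not raw PEM
            if not _is_b64_pem(ca_data):
                findings.append(f"cluster {name}: CA data is not base64-encoded PEM")
        elif not c.get("certificate-authority"):
            findings.append(f"cluster {name}: no cluster CA configured")
    for entry in cfg.get("users") or []:
        name, u = entry["name"], entry.get("user") or {}
        if u.get("password"):
            findings.append(f"user {name}: basic-auth password stored in kubeconfig")
        has_cert = u.get("client-certificate-data") or u.get("client-certificate")
        has_key = u.get("client-key-data") or u.get("client-key")
        if bool(has_cert) != bool(has_key):
            findings.append(f"user {name}: client certificate and key must both be set")
    return findings

# Constructed sample data: placeholder PEM text, not a real certificate or key.
FAKE_CA = base64.b64encode(b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n").decode()
GOOD = json.dumps({
    "clusters": [{"name": "ci", "cluster": {"server": "https://ENDPOINT_IP", "certificate-authority-data": FAKE_CA}}],
    "users": [{"name": "ci", "user": {"client-certificate-data": FAKE_CA, "client-key-data": "Q09OU1RSVUNURUQ="}}],
})
BAD = json.dumps({
    "clusters": [{"name": "ci", "cluster": {"server": "https://ENDPOINT_IP", "insecure-skip-tls-verify": True}}],
    "users": [{"name": "ci", "user": {"username": "USERNAME", "password": "PASSWORD"}}],
})

if __name__ == "__main__":
    print(audit_kubeconfig(GOOD), audit_kubeconfig(BAD), sep="\n")
```

In a pipeline, pass the output of `kubectl config view --raw -o json` to `audit_kubeconfig` and fail the job if the returned list is not empty.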