x509: cannot validate certificate for <WORKER_NODE_IP> because it doesn't contain any IP SANs #4814

Open
MugenTwo opened this issue Jan 8, 2025 · 1 comment

MugenTwo commented Jan 8, 2025

Summary

My setup is:

  1. Ubuntu server inside Hyper-V running MicroK8s (the host of the Hyper-V is the Windows server). I followed the standard installation: https://microk8s.io/docs/getting-started
  2. Windows Server 2022 (which is the host of the Hyper-V that has the Ubuntu server that has MicroK8s) running a worker node installed following: https://microk8s.io/docs/add-a-windows-worker-node-to-microk8s
  3. The cluster seems to be connected and I can run Windows containers inside the Windows worker node and Linux containers in the Ubuntu server MicroK8s (control plane + worker node).
  4. This is what I see when I do a kubectl get nodes:
    image
  5. However, there are cert issues whenever I do certain operations on pods running in the Windows worker node like kubectl log, kubectl port-forward:
    image

What Should Happen Instead?

There should NOT be cert errors.

Reproduction Steps

  1. Ubuntu server inside Hyper-V running MicroK8s (the host of the Hyper-V is the Windows server). I followed the standard installation: https://microk8s.io/docs/getting-started
  2. Windows Server 2022 (which is the host of the Hyper-V that has the Ubuntu server that has MicroK8s) running a worker node installed following: https://microk8s.io/docs/add-a-windows-worker-node-to-microk8s
  3. Run any Windows container in a pod.
  4. Do a "kubectl log" on the pod.

Introspection Report

inspection-report-20250108_222436.tar.gz

Can you suggest a fix?

I've tried to:

  1. Initially I installed Kubernetes services version 1.27.1, and I got the cert error.
  2. So, I decided to uninstall this version 1.27.1 and then I installed 1.32.0 because my control plane (microk8s) had this version.
  3. I tried deleting the cert: C:\var\lib\kubelet\pki and then restarting the kubelet.
  4. I also checked how the kubelet was being run in the kubelet,out.log that is under "C:\k" and I printed the kubelet.exe parameters:
    image
  5. From what I read online, the IP SAN might be dependent on the --node-ip, but the --node-ip in the kubelet.exe args seems correct in my case.

Are you interested in contributing with a fix?

MugenTwo commented Jan 8, 2025

I'm linking this issue to the issue I created in Calico: projectcalico/calico#9683, as I think it might have something to do with the integration with Calico.
