请稍等 ...
×

采纳答案成功!

向帮助你的同学说点啥吧!感谢那些助人为乐的人

x509: certificate signed by unknown authority 错误

老师这个是我制作的kubeconfig文件,使用这个文件是可以登录k8s dashboard的。

root@k8s-master1:/apps/k8s_use/makeca# cat user1.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR1RENDQXFDZ0F3SUJBZ0lVVUh2OVZGWHFXM00xaXhzN1Vwa01janV5cmh3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qSXdPVEF6TVRRME9EQXdXaGdQTWpFeU1qQTRNVEF4TkRRNE1EQmFNR0V4Q3pBSkJnTlYKQkFZVEFrTk9NUkV3RHdZRFZRUUlFd2hJWVc1bldtaHZkVEVMTUFrR0ExVUVCeE1DV0ZNeEREQUtCZ05WQkFvVApBMnM0Y3pFUE1BMEdBMVVFQ3hNR1UzbHpkR1Z0TVJNd0VRWURWUVFERXdwcmRXSmxjbTVsZEdWek1JSUJJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXhmdFlXeERSNEVCVkFaVkZ0OW8zdEw1SE5mNFMKUDk5MndkS2xxckNGeDF4dWJyalZyYWJFOFlhZEU0RWY0bjkzV0RCQ2NWbk5mMEpaQlNWcWZGYlZSeXZ4VWRXSQpTSlJ2bnVQWnNIMmFGd2VjZ0tTZy9NcmRyNUtLbk93Mkd0b0I5cWpiYmVwcmZ1N294Y241bHV6SHdMTWdOTXlWClYyWTdESTB4WUJueHp2QkFFZTNrYjB0NW91ZXdObUdMRU1ja1VOM2ViTEhmdFN4Q1M1Zmh5aGxLV0dwWE5ocVcKNWkwZ2loQlQ2RlVBT05Ga0RUTVNOWTJETk91RnFhZDhXZjNINjBnU1l6R1NoMmNPVDJjVHA4OE8rVUpoaTUvQwpZdnVRMkhvdWxvejN6ZmswTEJWTmRCVkEvZmJEcy9sMVh1MWU5M3hJNEd6cEJjcnlUYzU0SmFYK1Z3SURBUUFCCm8yWXdaREFPQmdOVkhROEJBZjhFQkFNQ0FRWXdFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBakFkQmdOVkhRNEUKRmdRVW1jT09wTGFuS2ZCQ3F2OElORm9ZbnY5Rk1MY3dId1lEVlIwakJCZ3dGb0FVbWNPT3BMYW5LZkJDcXY4SQpORm9ZbnY5Rk1MY3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQldiQmxGd3hTbTVhbFY2RjJNYUhxYjhkRko5CmtINUxpUXRFZmVGemFWbHYxQWNTektObjhXT2lTdjk0Zm43eFNjdm9VT0xLQVFCaloxQlpPelR3djFnUUhqZ00KRkdKTDkrQ2MvdDBvcHVQZk5Sd2tCY3Jhek5kNWx2UnRqeURCNXY1WnhTRFdWZHhNalZTWUx6cERpVys0U2k5NgpuU0I0M2NxMURMc21KQlR4SDRPQU5SUGhZRS80RmdRbUhoZmVVb3hzRGFFMW9KMUVHeEh4OXV4WXRYcjlpQ2VtCklwdGZoVytNZXp4RER0RGppaSt4WEhDT01Zc05QMjdpODZ1TUFTL3VvaVFvN2dMOFZmVkQyVU5vZTF4STZXRDQKZGJLSXZaVjUvUWVGLzdYN0p0RHdhMFQ3TERJN0pBdDQ1N1MvdWtHR3lhSHdvd1liMjl4Q3hWdWEzOEE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://192.168.2.50:6443
  name: cluster1
contexts:
- context:
    cluster: cluster1
    namespace: test
    user: user1
  name: cluster1
current-context: cluster1
kind: Config
preferences: {}
users:
- name: user1
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwRENDQXJpZ0F3SUJBZ0lVRHFIZlJYWit1bkljYmFJMzJsTnFZOWwxdURVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNRMDR4RVRBUEJnTlZCQWdUQ0VoaGJtZGFhRzkxTVFzd0NRWURWUVFIRXdKWQpVekVNTUFvR0ExVUVDaE1EYXpoek1ROHdEUVlEVlFRTEV3WlRlWE4wWlcweEV6QVJCZ05WQkFNVENtdDFZbVZ5CmJtVjBaWE13SUJjTk1qTXdPREExTURrMU9EQXdXaGdQTWpBM016QTNNak13T1RVNE1EQmFNR0F4Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2RDWldsS2FXNW5NUkF3RGdZRFZRUUhFd2RDWldsS2FXNW5NUXd3Q2dZRApWUVFLRXdOck9ITXhEekFOQmdOVkJBc1RCbE41YzNSbGJURU9NQXdHQTFVRUF4TUZRMmhwYm1Fd2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEV0VJU1c5bHdVOUxGNVZ4aGFMUk41eEhXRGVTekUKdG0wT0UwTzVRamxIQXlCRVlpVHpjOW5qVVU3MWJSOW9EaEd1ZnZ3WTVvUkk4ek5RZEdqVktTd1RlVFlRUWlMdwpGQUdsWTlXaGRCWUZ3Uzl4SVB0aDYvUTdpU0VXWGdCeDdwQzJweEoyc052RGt0bU43dUF0NXFHY0ZKaWhuajJGCkMxdWI1TnpJd2gyN2ZiY1Yvbnl1T0JIVE5hY2dyRms4elZ6NUpOZnFXaEdUZk42V3ZTT0hoOFZ0VHE3OENKMjYKa1BmOUNSRXpveFBDb05MeHRTczRxdFhYTXpvYTJTQXdLWmNJZzQ0LzhpeEFmK2h6Mmw0MlJncE1lNWNlZWZtcwpZa0hkRW05clhUc25YalcyVVFkR0s1SU1DQnV0NGVPa2FDOC8vZHJJY01kMnltMlorWlZHaGt5UkFnTUJBQUdqCmZ6QjlNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFkQmdOVkhRNEVGZ1FVMzdVb3JURDY3VkMxdmRQL3ZrVzlrdDV3cnZRdwpId1lEVlIwakJCZ3dGb0FVbWNPT3BMYW5LZkJDcXY4SU5Gb1ludjlGTUxjd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBQW4yKy9Rcy9uQkhScUo2NEt6MFRlWXBKQkJ2QlpFSmNEbVlObnRLVXpqTjVnTTdSdmJqSUlEL3ZEeVcKL1R3and1aVRVYWZWS3pxQy8xM2dzRHZzeWJvNnpVYVBsZEVXVlEyYnkrd2I5ZGxMemxBWlUvWEt0R2lRSGxRWgo2WHFOeXBPU0NhaGdHUkRmaDc2YUNEQTg5RzRQbTBjVXZoaDE1c1B3MzJ6cmhwREJQZXc2aFdNNlFVaHcxb2ZECklYczVwOGNoeVEwVXp2Skp0SVg2V1FGb1FlVU1DMXFaV2NPNHR3amhpN0NTSXM2cmc4bDU3d2VTa01FcjRQZEgKdi9XSVhQQnd0OXlsQnMrcitsWDRBQXBSVnNkNThZeDdxaXdQK2Q1L3RGK0Vuc21zMThMUXA5R0lnMEFTbVZwdQpNWWFnV1J4SkNQNFgybHpIKzlDWlNkdmUvL0E9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMWhDRWx2WmNGUFN4ZVZjWVdpMFRlY1IxZzNrc3hMWnREaE5EdVVJNVJ3TWdSR0lrCjgzUFo0MUZPOVcwZmFBNFJybjc4R09hRVNQTXpVSFJvMVNrc0UzazJFRUlpOEJRQnBXUFZvWFFXQmNFdmNTRDcKWWV2ME80a2hGbDRBY2U2UXRxY1NkckRidzVMWmplN2dMZWFobkJTWW9aNDloUXRibStUY3lNSWR1MzIzRmY1OApyamdSMHpXbklLeFpQTTFjK1NUWDZsb1JrM3plbHIwamg0ZkZiVTZ1L0FpZHVwRDMvUWtSTTZNVHdxRFM4YlVyCk9LclYxek02R3RrZ01DbVhDSU9PUC9Jc1FIL29jOXBlTmtZS1RIdVhIbm41ckdKQjNSSnZhMTA3SjE0MXRsRUgKUml1U0RBZ2JyZUhqcEdndlAvM2F5SERIZHNwdG1mbVZSb1pNa1FJREFRQUJBb0lCQVFEVFpJWjdTaGlPL1VHUgpzVWUwTFpWeEIyaUJDQllFd0o0YmF6elM0eW9MRFhRODg2ckgzQjFNMVl1aTVEdENsN293VnVoL2NvMHFPVGp3CmQ3VGE1QWpKeGtaMGNjdHN5R1VEdmY1R3JZdmQ3UFA3eFBWYXN4ZUIvNTUwSnlwTFdLc0NKU1VmbnZHM1JmcWYKcGtrdUt2Wm5XeE9MYnVnVHphNk8yY2lLWE4vZHVLNlo1cEx1b0FTNzJYaWUyaENIbjFpOTBnRElyckxPbVVhYgpKY2NGTU1zWVNJWTBKN3J4dUo3UUVjTjhrb3UrMld3bkFmRDN1SUhWNzU0TmtWek9BZlBOcWZKUDl5TzVPb2orCkozRk1vMERRRDRwYUFDdFNvL1ArRCtmMkpRekVjbStaZ0ZGSXR2QkVyVGdUcXZ4U3BGWHRZMCtwdi9XTTI3TWUKM0pKbkt0N0JBb0dCQVBFY1FGRlBraDBHOG5vUHZlbWFCa0VrUkZSU0RPUFRaTUk3cTdhaGt3cm1FRldlL1lEdApoWGpSMnFtSExRYjRxRUU1cDZTRlZMSk5tNzVabzZuRnBDTUphVVNveUx5WCttTjk5WHNUbjIzSDFJdXRPSkNJClBKd3UvSzlZZWRvd25oWEt1VGRsallyUFpZUnp3V1pjSjRJTkYrUEFCUGhWWk9yYkJJVzNINWI1QW9HQkFPTkkKc2ZhVSsyZ2xoTk1iZzRZTm9rRFkxMnY1T3dsY3FyY0dRVjY5enNrbTFnNEg4cHA3c2xFR09lUEZLdDJHdmRoTgo0NTc5TUZ0bmNRc1dkUndySW1jVFA5VndrTTdmQkN6elZFUWpKS0UrYTQwcHRJdEJOUjFwTGZKRkNHWXk5aFFQCnozcS82R3FvVDc0U05RYlZuQ1dNUWVob3NHckpWejA0ZzAwK2hWQlpBb0dBVkloRUlIM1dTMmtCSUR4ZXFBVUIKUmx0eHZXSmE5SkZMMVRGWWZacGVWRWJlMlRYNXlQYjlnYU9KbDBBMlVDaGp6U0pxblNyRnpCR2JsZndWZmxNMQp2YmJ4K2tsMnYzQkZNQmFjTno5aytQZERsSWp4dVBLYTFXTS80allSMnFhSzlqYnlBdk1PMGVqdXZhWmIyd2hhCkxhVnJoOFR0dVNjdlQ0dmtKUUZVQ1BrQ2dZRUFoREcyQUx1cWRtck1GSlYrTEN3bDRSMitQampaMDVvb1dRZTAKWWN4NFI1cmxDWWdwM1J4eEhKdElkR2dyaEdsb1pqVDNYWFBaK20veDJnY1gybWhrUEJ1QUZ6Ni9tdk12MUkwNgp4OTdBNFdBUzRpb05ycWtnb1ppWmRyNGNJb1VsaDRtaW5ieWRDOXdWZFhIVmtjSVFiZTVrTHk4azNSZDZQRXR3Cll5OG9EeEVDZ1lBbXhESjBvVkFHdmEzcjJ5dlZVMU1Fc0tEdHpkaGRDVEVxUGpkYmdwSm53Sks2N0FKYTE5WEsKdlk0cFVrRVYxYkY2MUMzN1paWnRwYlRtQ3o2SzBPVWxnNFk2Sy9ieVgxMzZlRnIwa2FLeGdkb2xmNGJWbzVpdwpnb3dKdzJoOE9kQ0NpdkVBNC84OHNxSEZRQXRXbnk4S2w5ZE9aMWcxdHZNYUI2Smx1K0pYdGc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6ImdyV3k3eEN2Y3FoRzJ1YkN3Y2pDVEo1dE42VHgtU29mMHRnQzFhUko0MkkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJ0ZXN0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InVzZXIxLXRva2VuLXpwYm5sIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6InVzZXIxIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiZmVjMTJlNjEtYjg4My00YTZmLTliY2ItZTg3YjJlMDAyM2Q3Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnRlc3Q6dXNlcjEifQ.kbWaayKarMwspTBKyW1wYME-S-knHsenGM0TghUA90Ns4D2o8yKZT0hBMsZo33hl_RcM9kVuieL-Sqr2GDTmKID-HKGhKDwO17hCrvGTFJxAPzQBuEgwUQgrPeSqR9zLcdH7qryZ80usc4RQgydOq3Z5si9EtAJSPsp63vVEjDl-qTXQDyNLN3XakEN4LmppJiLC71BtzXwL6_V6pnPAN_NFZgGu99GhHjmtNymzj1_Zze5pyzOX0wa45dqePITZ3Uq-F2udUHd4lTz1A5Pwi05tMrlc0kRMCmVP-JaFkv2VNIqrEbaUlMNUp1Z1OsMWJSuKDJc5pJqyVX02Anudxg

在K8SWithToken函数中,在不使用ca的时候。BrareaToken使用上面的token的时候,连接k8s会报错:
x509: certificate signed by unknown authority
这个报错和你那个报错 not trusted是不一样的。

还有一个问题:那个CA文件我应该用哪个?使用 user1.kubeconfig文件中certificate-authority-data字段的内容吗?
404_ 2023-08-05 18:27:57
源自:16-5  Token集群外单向认证(上)
762
收起

正在回答 回答被采纳积分+3

1回答

暮闲 2023-08-06 09:17:21

同学你好 CA证书用K8S的根证书 就是你这里的certificate-authority-data,这个字段的值和k8s master节点 /etc/kubernetes/pki/ca.crt的内容是一致的。

0 回复 有任何疑惑可以回复我~
收起回答
  • 提问者 404_ #1 
    我的ca用的是user1.kubeconfig文件中certificate-authority-data字段的值。
BearerTokenFile 用的是 token 字段的值。
但是 仍然报错 x509: certificate signed by unknown authority
    回复 有任何疑惑可以回复我~ 2023-08-06 10:16:03
  • 暮闲 回复 提问者 404_ #2 
    用这个试试看呢  /etc/kubernetes/pki/ca.crt
    回复 有任何疑惑可以回复我~ 2023-08-06 12:16:07
取消 回复

相似问题

x509: certificate signed by unknown authority.
1821 0 2
本章的代码在本地环境remote error: tls: unknown certificate
2981 0 2
500
685 0 3
老师 部署mediasoup demo时候,遇到一个no fullchain.pem 的问题
1045 1 4
Maven编译
2619 0 12

登录后可查看更多问答,登录/注册

问题已解决,确定采纳
还有疑问,暂不采纳
Kubernetes系统精讲 Go语言实战K8S集群可视化
  • 参与学习       391    人
  • 解答问题       264    个

核心知识+高阶应用+原理剖析+二次开发 全方位打通K8S生产实践

了解课程

本课精华内容

问答

请问http 强制转 https 应该咋写

374 11

在centos服务器上 build前端是报错

578 10

2-5课安装k8s多个节点不成功

456 9

client-go链接报env参数问题

517 8

gitness怎么配置持续集成和部署

213 7

查看更多本课问答
意见反馈 帮助中心 APP下载
官方微信