4

I create k8s cluster in aws by using kops

i wrote kubernetes cluster name : test.fuzes.io

api url : https://api.test.fuzes.io/api/v1

and i fill the CA Certificate field with result of

kubectl get secret {secrete_name} -o jsonpath="{['data']['ca\.crt']}" | base64 --decode

and finally i fill the Service Token field with result of

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')

but when i save changes, i got message

There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid.

and i can't install helm tiller with kubernetes error:404

I really don't know what i did wrong. please help me....

Improve this question
3
  • Can you list all service accounts, roles and role bindings kubectl get sa,roles,rolebindings --all-namespaces Commented Jun 24, 2019 at 11:33
  • 1
    @A_Suh it works well... when deleted and created cluster again... i don't know what's the problem. thank you for your interest Commented Jun 25, 2019 at 0:44
  • @A_Suh Delete the cluster and create it again don't work for me!? Commented Apr 19, 2020 at 14:41

4 Answers 4

Reset to default
6

As @fuzes confirmed cluster re-creation can be a workaround for this issue.

This was also described on a GitLab Issues - Kubernetes authentication not consistent

In short: Using the same Kubernetes cluster integration configuration in multiple projects authenticates correctly on one but not the other.

Another suggestion to work around this by just setting CI Variables (KUBE_NAMESPACE and KUBECONFIG) instead of using our Kubernetes integration.

Hope this will be helpful for future references.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1
  1. Adjust the api URL to https://api.test.fuzes.io:6443 (6443 is the default port kube master listens on for the api-server , if you have it edited then use the custom one ) use this command to validate the port "kubectl cluster-info | grep 'Kubernetes master' | awk '/http/ {print $NF}' "

This command will print the api-server url , you can add it directly in the asked column

  1. Next , for your CA certificate ensure you copy all the command output along with BEGIN CERTIFICATE and END CERTIFICATE

with this you will be able to add the cluster

Improve this answer

Comments

0 
kubectl cluster-info | \ grep 'Kubernetes master' | \ awk '/http/ {print $NF}' return https://control.pomazan.xyz/k8s/clusters/c-t7qr5

But use like https://80.211.195.192:6443 as API URL.

Improve this answer

Comments

-3 
 {"kind": "Status", "apiVersion": "v1", "metadata": { }, "status": "Failure", "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"", "reason": "Forbidden", "details": { }, "code": 403 }

This question is appeared in many people's environment, finally can be resolved!!!

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.