Welcome to the Linux Foundation Forum!

Lab 5.1 - Configuring TLS Access and minikube

I am running minikube version: v1.12.0 using Docker driver
which run Kubernetes v1.18.3
I also have kubectl v1.18.6

On Lab 5.1, I am unable to use curl to access the HTTPS endpoint on my machine at https://172.17.0.2:8443
I believe these are relevant info from my ~/.kube/config for my certificates:

certificate-authority: ~/.minikube/ca.crt
client-certificate: ~/.minikube/profiles/minikube/client.crt
client-key: ~/.minikube/profiles/minikube/client.key

So for step 7, I tried running the following but got the following error:
curl --cert ~/.minikube/profiles/minikube/client.crt --key ~/.minikube/profiles/minikube/client.key --cacert ~/.minikube/ca.crt https://172.17.0.2:8443/api/v1/namespaces/default/pods

curl: (35) You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert.

BTW: I am able to workaround this via the running kubectl proxy (which was able to listen on 127.0.0.1:8001), allowing me to do curl http://127.0.0.1:8001/api/v1/namespaces/default/pods, but then I am not using TLS certs which defeats the purpose of this lab.

Any help with using TLS certs with curl and minikube this would be appreciated.

Comments

  • serewicz
    serewicz Posts: 1,000

    Hello,

    First off, if you had followed the steps in the course you would be running v1.18.1, and the versions would match between kubeadm, kubelet, and kubectl. Minikube has its own issues, so I would encourage you to look at using virtual box, or some other tool instead. Minikube does not allow for a multi-node cluster and has some other considerations, which is why we do not mention or suggest it in the exercise guide.

    Past that ensure that you have no firewalls in place and that all the tools and network configuration you are using allows all traffic to go to and from the VM.

    Regards,

Categories

Upcoming Training