Help: Unable to connect to the server: x509: certificate signed by unknown authority
mpicard opened this issue · comments
Help needed: I think I have mis-configured my resource because I'm getting the following output:
Initializing kubectl...
Cluster "default" set.
User "admin" set.
Context "default" created.
Switched to context "default". Client Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.4", GitCommit:"5ca598b4ba5abb89bb773071ce452e33fb66339d", GitTreeState:"clean", BuildDate:"2018-06-06T08:13:03Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}
Unable to connect to the server: x509: certificate signed by unknown authority
my resource:
- name: resource-chart
type: helm
source:
cluster_url: ((concourse-cluster-url))
cluster_ca: ((concourse-cluster-ca))
token: ((concourse-cluster-token))
My concourse is from stable/concourse and I'm using k8s secrets, using the --from-literal
. The ca is my ca in base64 and the token is from kubectl config view -o jsonpath="{.users[?(@.name == \"$(kubectl config current-context)\")].user.auth-provider.config.access-token}"
. I have a basic knowledge of k8s so I'm not sure if I've configured the resource-chart
properly or obtained the correct token
? I tried other options like admin_key
/admin_cert
but I got further with token
.
It looks like your cluster_ca is somehow wrong. Did you maybe base64 encode it twice?
What can help in such cases is a fly hijack -b 12345
to the helm step. You can then see the input values (a tmp file I think in the userhome) and change the script /opt/resources/out
to give you debugging infos.