"x509: certificate signed by unknown authority" - SSL Load Balancer
brokencode64 opened this issue · 1 comments
brokencode64 commented
I've set up kube-oidc-proxy with dex (ldap) and gangway on EKS. Gangway signs into ldap via dex just fine; however, when I try to use the kubeconfig that is generated, I get the following error:
Unable to connect to the server: x509: certificate signed by unknown authority
On the kube-oidc-proxy pod itself I see this:
http: TLS handshake error from x.x.x.x:25302: remote error: tls: bad certificate
I generated the certs for dex/kube-oidc via this script, just modifying the url.
Both Dex and kube-oidc-proxy have their own SSL load balancers, defined like so:
---
apiVersion: v1
kind: Service
metadata:
  name: dex
  namespace: kube-system
  annotations:
    external-dns.alpha.kubernetes.io/hostname: dex.example.com
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
    service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
spec:
  type: LoadBalancer
  ports:
  - name: dex
    port: 443
    nodePort: 30643
    targetPort: 5556
  selector:
    app: dex
brokencode64 commented
I just needed the proper value in gangway for "clusterCAPath:".