Admin cluster kubeconfig

shayan · July 10, 2024, 11:05am

I am working on a GKE on VMware cluster. Whenever I interact with the admin cluster, I receive the following error:

Unable to connect to the server: x509: certificate has expired or is not yet valid

AlexET · July 29, 2024, 7:58pm

Hi @shayan ! To address the error you mention, you can try the following:

Review certificates: follow the steps provided in the Kubernetes documentation to check certificate expiration or to renew if it has expired.
Correct system time: ensure that the system clock is set to the correct time, if it is incorrect it can cause the certificate to appear invalid.

Hope this helps.

shayan · August 2, 2024, 7:57am

Since the cluster is on GKE on VMware, kubeadm does not work in this case.
I checked the system time using timedatectl, and it is correct. As the hybrid and the rest of the activities are functioning properly, the system time is not an issue.

AlexET · August 2, 2024, 3:00pm

Hi @shayan , apologies that the previous answer didn’t resolve the issue. We are currently reviewing the issue and will provide an update when we have more details.

Thank you for your patience and for reaching out to the community.

grsiepka · August 2, 2024, 3:11pm

@shayan If you have SSH access to your gke-admin-master VM, the file /etc/kubernetes/admin.conf is a kubeconfig you can use to interact with the admin cluster locally to help you in troubleshooting.

(I’m just a GKE user, not a Googler)

shayan · August 3, 2024, 9:55am

Hi @grsiepka ,

The SSH key for the admin cluster nodes is also not working. When I try to interact with the admin cluster using the admin cluster’s kubeconfig, I receive the following error:

Unable to connect to the server: x509: certificate has expired or is not yet valid.

grsiepka · August 5, 2024, 3:34pm

You stated you checked system time earlier and it was right (assuming on your local or on your admin-workstation) but you really should check the same on your gke-admin-master node, but if you can’t ssh into admin-master node i’m not sure how else you can do that. Maybe force sync system time on the VM from Vcenter? (just a guess) Might be worth getting a case open with support IMO. Good luck.

robertwolf12 · August 6, 2024, 8:32am

The “x509: certificate has expired or is not yet valid” error indicates that the admin cluster’s certificate is either expired or not yet valid. Here are some steps to fix it:

Check System Time: Ensure the system time on the admin cluster’s nodes is correct.
Renew Certificates: Renew the certificates for the cluster. You can usually do this with a command like gkectl update credentials or a similar command specific to your setup.

AlexET · October 8, 2024, 8:52pm

Hi everyone, thank you so much for engaging in this discussion and sharing your insights

@shayan , if any of these replies helped, please consider marking one of them as accepted solutions to assist others who might encounter a similar situation.

We appreciate everyone’s participation and look forward to seeing you all engage in the forum.

Topic		Replies	Views
Google Anthos API x509 Certificate Expired Serverless Applications anthos	3	16	December 9, 2022
Apigee Hybrid setup - Internal error while applying overrides Apigee hybrid	1	8	April 16, 2020
K8s deployment Error in Qwicklab learning module. Apigee hybrid , apigee-general	1	11	June 17, 2022

Admin cluster kubeconfig

AI Suggested topics