I want to change the Kubernetes cluster access from IP + port to a domain. The legacy access uses IP + port like this:
<code>https://102.298.10.29:6443
</code>
Then I switched this to a domain like this:
<code>https://kubernetes.googel.com
</code>
On the server side, I forward this request to port 6443, which the Kubernetes cluster API server is listening on. But now when I use kubectl to access the cluster:
<code>➜ ~ kubectl --kubeconfig=/Users/xiaoqiangjiang/.kube/admin.conf get nodes
Unable to connect to the server: x509: certificate signed by unknown authority
</code>
I have checked the server side:
<code>[root@iZm5e2jhfbrshckqh6qdbuZ ~]# kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}' > kubeadm-config.yaml
[root@iZm5e2jhfbrshckqh6qdbuZ ~]# vim kubeadm-config.yaml
</code>
The kubeadm-config.yaml config looks like this:
<code>apiServer:
  certSANs:
  - 10.96.0.1
  - 172.31.227.20
  - 102.298.10.29
  - 127.0.0.1
  - kubernetes.googel.com
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.29.6
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}
</code>
Am I missing something?