i have problem in executing Kubectl commands, its errors out with 502 certificate error
Unable to connect to the server: x509: certificate signed by unknown authority
I can able to login to az login after that I’m connecting with my AKS cluster by using below command
az aks get-credentials --resource-group sitecore10.x-dev-k8s --name sitecore102-Dev-AKS-v1 --overwrite-existingenter code here
After that executing Kubectl get pods or Kubectl get services but it doesn’t work
already tried adding environment variables
Opened .kube file and opened the same Url in browser , displayed the below error
2
Answers
Resolved I got a chance to resolve this issue. The actual issue is AKS URL (https://AKSInstance.hcp.westus.azmk8s.io:443) is blocked by Company Internet Monitoring Software (Netskope). i raised a support ticket to whitelist the URL https://*.azmk8s.io
How to check the issue : C:Users[YourUserName].kube open config file to identify the AKS URL, try opening the URL directly in the browser, if your getting 401 authentication issue then your good, otherwise if your getting error message related to certificate then it should be your Internet Monitoring software is blocking the AKS URL calls.
I tried to reproduce the same in my environment to connect the AKS cluster from a windows machine:
I have created AKS cluster, like below.
Go to Azure Portal > Kubernetes Services > Create.
Download Kubectl tool here and install the same on a windows machine, like below.
open powershell in CMD and navigate to download folder and run kubectl.exe , like below.
connect your cluster using cloud shell to download .kube.config file. like below.
once connected to the cluster, download the config file to the Local windows machine.
Create a folder with .kube name in your username folder and place the downloaded config file in the same folder.
Now run kubectl cmd to get the AKS cluster details from the windows machine, like below.
Reference: kubectl unable to connect to server: x509: certificate signed by unknown authority by bherto39.