Skip to main content

K3s issue when trying to access cluster from another machine

problem:

one day you don't know why the hell is going on with kubectl on your machine and you've already copied remote_machine:./kube/config into your local machine and that worked before but now it keep telling wrong api group list or authorized.

kubectl get ns

E0108 21:42:56.860495  805013 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0108 21:42:56.862131  805013 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0108 21:42:56.863214  805013 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0108 21:42:56.864421  805013 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0108 21:42:56.865299  805013 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)

or when you access to the api: 

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}

solution:

use the value config from the path into your ~/.kube/config

SSH to your k3s primary server

look for this file

/etc/rancher/k3s/k3s.yaml

view it using cat /etc/rancher/k3s/k3s.yaml

use the value certification inside the file that includes:

certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tC.....
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0....
client-key-data: MgUFJJVkFURSBLRVktLS0t.....

Open your local machine ~/kube/config and replace them 

here is my complete .kube/config file content:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ.....ekZiSVlGcUtNQWlHVk5yMjBaeUMvQml6Y0QKWEpjMzJ0RHF2NHlzOVFua29rVE1GUlYvalA2Z3pqaW9uaXBlQ1lJRVUyMkpvMEl3U.....1DQXFRd0R3WURW.....JNdVV6KzI5QWlCM21n.....Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    server: https://192.168.1.xxx:6443
  name: k3s
contexts:
- context:
    cluster: k3s
    user: son
  name: k3s
current-context: k3s
kind: Config
preferences: {}
users:
- name: son
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JS.....lFlQzh3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOekF3TURVd05UY3lNQ....
    client-key-data: LS0tLS1CRUdJTiBFQyBQUklW....0NBUUVFSU5nQzZqVEh4TUhXNGQ2SnZ5ZGs5OVVqOTBDaFQzMWU2dllkdE5QR2RUSTBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFa0hOOTRxWVBFS2pVaVUr....

Happy!

image.png

Some useful commands to remember:

kubectl config get-contexts

CURRENT   NAME   CLUSTER   AUTHINFO   NAMESPACE

*         k3s    k3s       son        

kubectl config use-context k3s

No Comments
Back to top