helm: x509: certificate signed by unknown authority
In my case, I was running for a single self-manage and the config file was also container ca-file, so the following the above answer was throwing below error
Error: Kubernetes cluster unreachable: Get "https://XX.XX.85.154:6443/version?timeout=32s": x509: certificate is valid for 10.96.0.1, 172.31.25.161, not XX.XX.85.154
And my config was
- cluster:
certificate-authority-data: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
server: https://54.176.85.154:6443
insecure-skip-tls-verify: true
So I had to remove the certificate-authority-data
.
- cluster:
server: https://54.176.85.154:6443
insecure-skip-tls-verify: true
In my case the error was caused by an untrusted certificate from the Helm repository.
Downloading the certificate and specifying it using the --ca-file
option solved the issue (at least in Helm version 3).
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
--ca-file
string, verify certificates of HTTPS-enabled servers using this CA bundle
As a workaround you can try to disable certificate verification. Helm uses the kube config file (by default ~/.kube/config
). You can add insecure-skip-tls-verify: true
for the cluster
section:
clusters:
- cluster:
server: https://cluster.mysite.com
insecure-skip-tls-verify: true
name: default
Did you already try to reinstall helm/tiller?
kubectl delete deployment tiller-deploy --namespace kube-system
helm init
Also check if you have configured an invalid certificate in the cluster configuration.
Use --insecure-skip-tls-verify
to skip tls verification via command line
helm repo add stable --insecure-skip-tls-verify https://charts.helm.sh/stable