x509 keys used for Kube API server are incompatible in Azure Kubernetes

Tanul 1,251 Reputation points
2022-05-18T19:37:10.833+00:00

Team,

We have an AKS 1.19.13 cluster and are trying to deploy this Kong Helm chart, which installs Kong ingress controller 2.3 and Proxy 2.8. But while spinning up the ingress-controller container, we are getting this error:

Failed to get API Group-Resources" error="Get \"https://<ipaddress>:443/api?timeout=32s\": x509: certificate specifies an incompatible key usage"
Error: unable to start controller manager: Get "https://<ipaddress>:443/api?timeout=32s": x509: certificate specifies an incompatible key usage

As per my understanding, the Kong ingress is trying to reach out to the Kube API server, where this error is coming from. It looks like the certificate used for the API server in kubelet has keys added in the x509 v3 Extended Key Usage section which are problematic with an up-to-date copy of Golang (and to a lesser extent, client-go / controller-runtime). This may suggest that the certificates originally issued on the server were broken in some way.

I have tried understanding this link as well but was unable to understand it. Anyway, we can't do anything specified here because the Kube API server is managed by Microsoft. By any chance, can the Microsoft team help, as it's highly impacting our production environment?

Thank you

Azure Kubernetes Service (AKS)