question

TaB-8489 avatar image
0 Votes"
TaB-8489 asked TaB-8489 edited

x509 Keys used for kube api server are incompatible in Azure kubernetes

Team,

We have AKS 1.19.13 cluster and trying to deploy this kong helm chart which installs kong ingress controller 2.3 and Proxy 2.8. But while spinning ingress-controller container we are getting this error

 Failed to get API Group-Resources" error="Get \"https://<ipaddress>:443/api?timeout=32s\": x509: certificate specifies an incompatible key usage"
 Error: unable to start controller manager: Get "https://<ipaddress>:443/api?timeout=32s": x509: certificate specifies an incompatible key usage

As per my understanding, kong ingress is trying to reach out Kube api server where this error is coming. It looks like the certificate used for the API server in kubelet has keys added in the x509 v3 Extended Key Usage section which are problematic with an up to date copy of Golang (and to a lesser extent, client-go / controller-runtime). This may suggest that the certificates originally issued on the server were broken in some way.

I have tried understanding this link as well but unable to understand. Anyways, we can't do anything specified here because kube api server is managed by microsoft. By any chance can microsoft team help as its highly impacting our production environment.

Thank you


azure-kubernetes-service
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@prmanhas-MSFT , Hello Preeti.. How are you.. Trust you're doing well. If possible, can you help us with this issue. I think there is some problem within the AKS itself which is not under our control. Would be grateful if you can guide. Thank you.. Looking forward to your reply..

Tanul :)

0 Votes 0 ·

0 Answers