Bug 2124576
| Summary: | oc login on Mac OS getting: error: x509: “kube-apiserver-lb-signer” certificate is not trusted. | ||
|---|---|---|---|
| Product: | OpenShift Online | Reporter: | Randy E. Oyarzabal <randyo> |
| Component: | Accounts and Billing | Assignee: | Abhishek Gupta <abhgupta> |
| Status: | NEW --- | QA Contact: | yasun |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.x | CC: | thomas.marko |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Mac OS | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I confirm I also have the same issue. This seems to be related to https://bugzilla.redhat.com/show_bug.cgi?id=2097830. You'll find further workarounds there as well. |
Description of problem: Unable to `oc login` on a mac with latest oc binary. Getting: "error: x509: “kube-apiserver-lb-signer” certificate is not trusted." Workaround available. Version-Release number of selected component (if applicable): MacOS 12.5.1 > oc version Client Version: 4.11.1 Kustomize Version: v4.5.4 Server Version: 4.11.1 Kubernetes Version: v1.24.0+4f0dd4d How reproducible: Consistently Steps to Reproduce: 1.Login to Openshift GUI 2.Copy Login Command 3.Using the command: oc login --token=<redacted> --server=https://<redacted>:6443 error: x509: “kube-apiserver-lb-signer” certificate is not trusted Then tried both true and false: oc login --token=<redacted> --server=https://<redacted>:6443 --insecure-skip-tls-verify=true error: x509: “kube-apiserver-lb-signer” certificate is not trusted oc login --token=<redacted> --server=https://<redacted>:6443 --insecure-skip-tls-verify=false error: x509: “kube-apiserver-lb-signer” certificate is not trusted Actual results: error: x509: “kube-apiserver-lb-signer” certificate is not trusted Expected results: Should be able to log in. Additional info: This is a fresh install of Openshift 4.11 Single Node using default certificates. Workaround: 1. Use the same login command in Linux using the same binary version 2. Copy contents of ~/.kube/config 3. Paste on Mac in same location 4. Do not login, instead: "kubectl config use-context <context name from config>", and it works! Able to do all oc commands as usual. Upon looking at the file, it simply does: - cluster: insecure-skip-tls-verify: true server: <redacted> name: <redacted>:6443