Description of problem: Unable to `oc login` on a mac with latest oc binary. Getting: "error: x509: “kube-apiserver-lb-signer” certificate is not trusted." Workaround available. Version-Release number of selected component (if applicable): MacOS 12.5.1 > oc version Client Version: 4.11.1 Kustomize Version: v4.5.4 Server Version: 4.11.1 Kubernetes Version: v1.24.0+4f0dd4d How reproducible: Consistently Steps to Reproduce: 1.Login to Openshift GUI 2.Copy Login Command 3.Using the command: oc login --token=<redacted> --server=https://<redacted>:6443 error: x509: “kube-apiserver-lb-signer” certificate is not trusted Then tried both true and false: oc login --token=<redacted> --server=https://<redacted>:6443 --insecure-skip-tls-verify=true error: x509: “kube-apiserver-lb-signer” certificate is not trusted oc login --token=<redacted> --server=https://<redacted>:6443 --insecure-skip-tls-verify=false error: x509: “kube-apiserver-lb-signer” certificate is not trusted Actual results: error: x509: “kube-apiserver-lb-signer” certificate is not trusted Expected results: Should be able to log in. Additional info: This is a fresh install of Openshift 4.11 Single Node using default certificates. Workaround: 1. Use the same login command in Linux using the same binary version 2. Copy contents of ~/.kube/config 3. Paste on Mac in same location 4. Do not login, instead: "kubectl config use-context <context name from config>", and it works! Able to do all oc commands as usual. Upon looking at the file, it simply does: - cluster: insecure-skip-tls-verify: true server: <redacted> name: <redacted>:6443
I confirm I also have the same issue.
This seems to be related to https://bugzilla.redhat.com/show_bug.cgi?id=2097830. You'll find further workarounds there as well.