Kubernetes-Integration: There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid

Hello together,

we have GitLab running on our local server and also a Kubernetes cluster. I want to use the Kubernetes integration to deploy the runner on our cluster.

So I followed the instructions on the documentation site and everything went as described:

After I saved all options (including IP, cert and token) I get the following error:

There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid. 

I verified the token and cert with a curl call with exactly the same data and I got a valid result from the Kubernetes cluster. Furthermore, I also made the curl call from our GitLab server machine, so that there is no firewall problem. This worked as well.

I tailed and grepped the latest logs but the IP address was not found.

Do you have any ideas what the problem might be? Are there log files to look at after the connection attempt?

Thanks

1 Like

I’m experiencing the same issue myself. I have not yet resolved it, but here’s what I’ve found so far.

To see a log of the error, you can:

tail -F /var/log/gitlab/gitlab-rails/kubernetes.log

And also:

tail -F /var/log/gitlab/gitlab-rails/production.log

In my case, I use Let’s Encrypt for the Kubernetes server. It works fine when I test with curl, but GitLab doesn’t like it. I downloaded the root certificates and reconfigured GitLab, like so:

wget https://letsencrypt.org/certs/isrgrootx1.pem.txt -O /etc/gitlab/trusted-certs/isrgrootx1.pem
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt -O /etc/gitlab/trusted-certs/lets-encrypt-x3-cross-signed.pem
sudo rm /var/opt/gitlab/trusted-certs-directory-hash
sudo gitlab-ctl reconfigure
sudo gitlab-ctl restart

But I am still getting the same error when trying to add the Kubernetes cluster to my project.

I’m still researching; if I find something, I’ll add another response here.

Hello,

The solution in my case was very simple. I entered the Kubernetes address including the path to the API. I misread the documentation at one point. After I corrected the value and set it to only the Kubernetes address, it worked.

Hope it is also that easy in your case.

2 Likes

Here is my solution.
I generate the token according to the documentation.
But when I copy the token, my shell soft-wraps the token and ADDS a newline character at the end of each line, which causes the error!

3 Likes

Wow, can’t believe this is actually the solution to the issue I had!

How do I get GitLab to print to kubernetes.log? It does not appear to be enabled by default and we’re on the latest 13.5.2 release and no logs are being output. I even manually created the file and gave it the same permissions as the other log files in the /var/log/gitlab/gitlab-rails/ directory with no success.

Even after verifying the token and cert are correct (without newlines) we still get the same issue. Kubernetes endpoint is signed by a custom CA so perhaps that could be the issue.

Man I was going crazy over that error! Thank you so much!

1 Like

I’ve just solved the issue for me and found a mistake: There was a problem authenticating with your cluster. Please ensure your CA Certificate and Token are valid.

  1. Connect existing clusters through cluster certificates (DEPRECATED) | GitLab
  2. Key notes to myself are below:
  • kubectl get secret default-token-zdz74 -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
    paste to field “CA Certificate”
  • kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab | awk '{print $1}')
    paste to field “Service Token”
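
The causes reported in this thread (an API URL that includes the API path, a token with newlines from a wrapped copy, a CA value that skipped the base64 --decode step) can be checked locally before saving the form. The following is an added example, not part of any post and not GitLab code; `check_fields`, the host name and the sample values are constructed for illustration, and the token check assumes a service-account JWT.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

JWT_RE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
PEM_RE = re.compile(
    r"(-----BEGIN CERTIFICATE-----\n[A-Za-z0-9+/=\n]+-----END CERTIFICATE-----\n*)+")


def check_fields(api_url, ca_cert, token):
    """Return problems found in the three values pasted into the GitLab form."""
    problems = []
    # API URL: base cluster address only (https://host:6443), no /api/... path.
    url = urlsplit(api_url.strip())
    if url.scheme not in ("http", "https") or not url.hostname:
        problems.append("API URL: expected scheme://host[:port]")
    elif url.path.strip("/") or url.query:
        problems.append("API URL: drop the path %r, keep only the address" % url.path)
    # Service Token: assumed to be a JWT, so whitespace means a wrapped copy.
    if re.search(r"\s", token):
        rejoined = JWT_RE.fullmatch("".join(token.split()))
        hint = "rejoin the lines" if rejoined else "re-copy it"
        problems.append("Service Token: contains whitespace or newlines, " + hint)
    elif not JWT_RE.fullmatch(token):
        problems.append("Service Token: not three dot-separated base64url parts")
    # CA Certificate: decoded PEM text (framing check only, no X.509 parsing).
    pem = ca_cert.strip().replace("\r\n", "\n")
    if not PEM_RE.fullmatch(pem):
        try:
            decoded = base64.b64decode("".join(pem.split()), validate=True)
        except (binascii.Error, ValueError):
            decoded = b""
        if decoded.startswith(b"-----BEGIN CERTIFICATE-----"):
            problems.append("CA Certificate: still base64-encoded, decode it first")
        else:
            problems.append("CA Certificate: not a PEM certificate block")
    return problems


# Constructed sample values: not a real token and not a real certificate.
SAMPLE_TOKEN = ".".join(
    base64.urlsafe_b64encode(part).rstrip(b"=").decode()
    for part in (b'{"alg":"RS256","typ":"JWT"}',
                 b'{"sub":"system:serviceaccount:kube-system:gitlab"}', b"sig-bytes"))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder, not real DER").decode()
              + "\n-----END CERTIFICATE-----\n")
```

An empty list means the values have the expected shape; it does not prove that the token is authorized or that the CA actually signed the cluster's certificate.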