helm: x509: certificate signed by unknown authority
As a workaround you can try to disable certificate verification. Helm uses the kube config file (by default ~/.kube/config
). You can add insecure-skip-tls-verify: true
for the cluster
section:
clusters:- cluster: server: https://cluster.mysite.com insecure-skip-tls-verify: true name: default
Did you already try to reinstall helm/tiller?
kubectl delete deployment tiller-deploy --namespace kube-systemhelm init
Also check if you have configured an invalid certificate in the cluster configuration.
In my case the error was caused by an untrusted certificate from the Helm repository.Downloading the certificate and specifying it using the --ca-file
option solved the issue (at least in Helm version 3).
helm repo add --ca-file /path/to/certificate.crt repoName https://example/repository
--ca-file
string, verify certificates of HTTPS-enabled servers using this CA bundle
In my case, I was running for a single self-manage and the config file was also container ca-file, so the following the above answer was throwing below error
Error: Kubernetes cluster unreachable: Get "https://XX.XX.85.154:6443/version?timeout=32s": x509: certificate is valid for 10.96.0.1, 172.31.25.161, not XX.XX.85.154
And my config was
- cluster: certificate-authority-data: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX server: https://54.176.85.154:6443 insecure-skip-tls-verify: true
So I had to remove the certificate-authority-data
.
- cluster: server: https://54.176.85.154:6443 insecure-skip-tls-verify: true