X509: certificate signed by unknown authority

Vic_ESupp · April 10, 2022, 9:00pm

After some maintenance on Kubernetes nodes, which created new certs in Kubernetes I got:

Failed to provision volume with StorageClass, rpc error: code = Internal desc = Failed to create volume: … x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kube-ca”)

Is there possibility to re-import, and how, new certs to Portworx, without full reinstallation?

sensre · May 21, 2022, 9:57pm

it looks like the PX process is still referencing the old certificates. Restarting PX on the nodes should fix this.For each node,

Delete oci-mon pod
One the new pod comes up, confirm if oci-mon restarted the PX systemd service. If not, restart it. To restart PX service, you can use the px/service=restart label on the node

Topic		Replies	Views
Portworx on rke etcd issue Portworx on Kubernetes	6	1173	April 1, 2021
Portworx Daemonset failed to start Portworx on Kubernetes	1	601	June 12, 2019
Re-commissioned nodes fail to authenticate against the cluster Portworx on Kubernetes	1	350	September 6, 2023
Fail to start Portworx Portworx on Kubernetes install	1	1061	May 26, 2021
Portworx installation fails with 'Failed to start Portworx: failed to setup internal kvdb Portworx Install install , kvdb	3	748	February 22, 2022

X509: certificate signed by unknown authority

Related Topics