0

is there any option to see what request is reaching apiserver? I'm struggling with error

authentication.go:104] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid

Certs are valid. Master node is ready and all operations (kubectl command etc.) works fine.
So I want to know what request cannot be validate. I already added --audit-log-path="" flag to apiserver but the log file was not created.

RedBluff
  • 1
  • 2
  • Just setting `--audit-log-path=""` is only half the job, one must configure an [audit policy](https://kubernetes.io/docs/tasks/debug/debug-cluster/audit/#audit-policy) to tell it _what_ to log – mdaniel Jul 11 '22 at 19:04
  • is it possible to edit kube-apiserver command in latest k8s versions? I tried editing manifest/kube-apiserver.yaml but container doesn't start. – RedBluff Jul 12 '22 at 07:05
  • "but container doesn't start ..." and instead does what? You will need to use `docker logs` or `ctr logs` to see what it complained about before kubelet tried to restart it – mdaniel Jul 12 '22 at 14:24

0 Answers0