Hi all, we recently rotated our AKS certificate an...
# kubernetes
Hi all, we recently rotated our AKS certificate and now can no longer access kubernetes with the pulumi k8provider. The certificate (kubeconfig) works with lens and our deployment agents in DevOps pipelines. Any ideas on what the issue is?
kubernetesapps/v1Deployment (default/chart): error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://***********.hcp.westus2.azmk8s.io:443/openapi/v2?timeout=32s": x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "ca")
Again, this started after a kube cert rotation. When I print the kubeconfig it is correct.
Copy code
kubeconfig = creds.kubeconfigs[0].value.apply(
    lambda enc: base64.b64decode(enc).decode())

k8s_provider = k8s.Provider(
Copy code
pulumi.export("kubeconfig", kubeconfig)
kubeconfig matches what lens is using and lens works.
@victorious-exabyte-70545 what’s in your state?
pulumi state export
- i bet the kubeconfig is still stored in state with the wrong cert
That is probably it! Do I export, update kubeconfig, import?
Stack that is
You can do a refresh of the urn. I’m on mobile so can’t share how to do that. Expert and update would work too