This error only happens if the OIDC provider successfully gave a token to be used in kubectl config set-credentials --token
and the cluster was able to successfully connect to that same OIDC provider to validate the token but found that the token did not include the hostname or IP or the kubectl config set-cluster prod --server
value.
Unable to connect to the server: x509: certificate is valid for
<other CNs, IPs and names>
, not<DNS or IP of --server>
.
Note that the error message only seems to include DNS names (not IPs) when dealing with names in the --server
values. The IPs can be seen when viewing the cert using openssl
.
To fix this the additional DNS entry must be added to the certificate and the API server(s) restarted.
Related: