1

docker desktop on mac is getting error:

Unable to connect to the server: x509: certificate signed by unknown authority

The following answers didn't helped much:

My system details:

  • Operating system: macOS Big Sur Version 11.6

  • Docker desktop version: v20.10.12

  • Kubernetes version: v1.22.5

When I do:

kubectl get pods

I get the below error:

Unable to connect to the server: x509: certificate signed by unknown authority
Wytrzymały Wiktor
  • 11,492
  • 5
  • 29
  • 37
Amit Meena
  • 2,884
  • 2
  • 21
  • 33
  • 1
    check which context you are using for connecting with the k8s cluster and check your certificate details in `.kube/config` file details – Harsh Manvar Mar 07 '22 at 05:59
  • it is using correct context i.e docker-desktop – Amit Meena Mar 07 '22 at 08:59
  • There are a lot of possible reasons why it happens. Have you tried to reset the kubernetes cluster in docker desktop? Do you use the latest available version of docker desktop? I have macOS 12.0.1 and docker desktop 4.5.0. It always starts without any issues. – moonkotte Mar 07 '22 at 12:55
  • before docker desktop i have tried rancher desktop and i can see context and cluster meta for that also, performing a clean up using command kubectl config delete-context and kubectl config delete-cluster commands – Amit Meena Mar 07 '22 at 15:46
  • 1
    @AmitMeena Oh, that may be the answer. Untick "enable kubernetes", then delete `~/.kube` where config is stored and then re-enable the kubernetes. Most likely config is still presented from previous rancher installation. – moonkotte Mar 08 '22 at 09:41
  • 1
    @moonkotte exactly that is what I did and resolved the issue. Can you make an answer and I can accept it – Amit Meena Mar 08 '22 at 14:00

2 Answers2

5

Posting the answer from comments

As appeared after additional questions and answers, there was a previous installation of rancher cluster which left its traces: certificate and context in ~/.kube/config.

The solution in this case for local development/testing is to delete entirely ~/.kube folder with configs and init the cluster from the scratch.

moonkotte
  • 3,661
  • 2
  • 10
  • 25
  • 1
    This is probably going to be a common issue as more people try `rancher-desktop` first, then re-install `docker-desktop` for some legacy compatibility reasons. – tdensmore Mar 01 '23 at 19:24
3

If you are using a corporate laptop, and everything you do goes through a proxy, you will get this message. Hence, when docker desktop tries to connect to the server defined in ~/.kube/config, it will try to go through the proxy and you will need the cert issued by the company. Long story short, you are getting blocked by the the company... To fix, you can add the no proxy props, adding what ever value server: internal.docker defined in~/.kube/config . Meaning, if I am connecting to docker cluster which runs locally in my laptop, do not direct my traffic through proxy.

When doing docker info, after setting no proxy, you should see something like this.

docker info | grep -i proxy

 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal,localhost,127.0.0.1,.local,.us.example.com,.examplecorp.com,.examplevcn.com,kubernetes.docker.internal
  hubproxy.docker.internal:5000
z atef
  • 7,138
  • 3
  • 55
  • 50