"Error: An error occurred in the PKS API when processing" when running pks tasks command due to certificate hostname mismatch
search cancel

"Error: An error occurred in the PKS API when processing" when running pks tasks command due to certificate hostname mismatch

book

Article ID: 438161

calendar_today

Updated On:

Products

VMware Tanzu Kubernetes Grid Integrated Edition

Issue/Introduction

  • When attempting to run tkgi commands, such as 'tkgi clusters', the following error is returned: 

    Error: An error occurred in the PKS API when processing

  • From an SSH into the Pivotal Container Service API VM, the /var/vcap/sys/log/pks-api/pks-api.log will contain errors like:

    Hostname <EXAMPLE_HOSTNAME>.domain.com not verified:
        certificate: sha256/###############################
        DN: CN=<EXAMPLE_HOSTNAME>.domain.com, OU=IT, O=domain, L=NewYork, ST=NY, C=US
        subjectAltNames: [<EXAMPLE_HOSTNAME>.domain.com, <EXAMPLE_HOSTNAME>, 10.10.10.10]

    In the above example, <EXAMPLE_HOSTNAME>.domain.com references a hostname that does not match the "API Hostname (FQDN)" setting configured in the TKGI API section of the Tanzu Kubernetes Grid Integrated tile.

Environment

TKGI version is not significant in this failure.

Cause

This problem occurs when the "Certificate to secure the TKGI API" certificate applied in the Tanzu Kubernetes Grid Integrated tile (in Opsman GUI), under the TKGI API section does not match the "API Hostname (FQDN)" entry in the same location.

Resolution

To correct this failure, ensure the certificate created for the TKGI API includes the "API Hostname (FQDN)" entry in the certificate's SAN field. 

Powered by Wolken Software