Skip to content

TLS 1.3 not supported #1285

Description

@Corbeau3000

It becomes impossible to connect to the Kubernetes cluster once the kube-apiserver is configured to accept TLS 1.3 and higher.
The error obtained is :

The SSL connection could not be established, see inner exception.

Stack Trace :

à System.Net.Http.ConnectHelper.d__2.MoveNext()
à System.Threading.Tasks.ValueTask1.get_Result() à System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable1.ConfiguredValueTaskAwaiter.GetResult()
à System.Net.Http.HttpConnectionPool.d__97.MoveNext()
à System.Threading.Tasks.ValueTask1.get_Result() à System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable1.ConfiguredValueTaskAwaiter.GetResult()
à System.Net.Http.HttpConnectionPool.d__78.MoveNext()
à System.Threading.Tasks.TaskCompletionSourceWithCancellation1.<WaitWithCancellationAsync>d__1.MoveNext() à System.Threading.Tasks.ValueTask1.get_Result()
à System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable1.ConfiguredValueTaskAwaiter.GetResult() à System.Net.Http.HttpConnectionPool.<GetHttp2ConnectionAsync>d__80.MoveNext() à System.Threading.Tasks.ValueTask1.get_Result()
à System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable1.ConfiguredValueTaskAwaiter.GetResult() à System.Net.Http.HttpConnectionPool.<SendWithVersionDetectionAndRetryAsync>d__84.MoveNext() à System.Threading.Tasks.ValueTask1.get_Result()
à System.Runtime.CompilerServices.ConfiguredValueTaskAwaitable1.ConfiguredValueTaskAwaiter.GetResult() à System.Net.Http.RedirectHandler.<SendAsync>d__4.MoveNext() à System.Net.Http.HttpClient.<<SendAsync>g__Core|83_0>d.MoveNext() à k8s.Kubernetes.<SendRequestRaw>d__48.MoveNext() à k8s.AbstractKubernetes.<k8s-ICoreV1Operations-ListNamespaceWithHttpMessagesAsync>d__19.MoveNext() à k8s.CoreV1OperationsExtensions.<ListNamespaceAsync>d__15.MoveNext() à k8s.CoreV1OperationsExtensions.ListNamespace(ICoreV1Operations operations, Nullable1 allowWatchBookmarks, String continueParameter, String fieldSelector, String labelSelector, Nullable1 limit, String resourceVersion, String resourceVersionMatch, Nullable1 sendInitialEvents, Nullable1 timeoutSeconds, Nullable1 watch, Nullable1 pretty) à Cogiweb.Logging.Collector.Services.Kubernetes.KubernetesEventWatcher.GetLogs(Nullable1 since, Boolean follow) dans C:\projets\cogiweb.logging\Cogiweb.Logging.Collector\Services\Kubernetes\KubernetesEventWatcher.cs :ligne 59
à Cogiweb.Logging.Collector.Services.Kubernetes.KubernetesEventWatcher.GetTodaysEvents() dans C:\projets\cogiweb.logging\Cogiweb.Logging.Collector\Services\Kubernetes\KubernetesEventWatcher.cs :ligne 39
à Cogiweb.Logging.Collector.Services.EventWatcher.CheckForMissed() dans C:\projets\cogiweb.logging\Cogiweb.Logging.Collector\Services\EventWatcher.cs :ligne 46
à Cogiweb.Logging.Collector.Services.LogCollector.Run() dans C:\projets\cogiweb.logging\Cogiweb.Logging.Collector\Services\LogCollector.cs :ligne 43
à System.Threading.Thread.StartCallback()

Kubernetes C# SDK Client Version
11.0.9

Server Kubernetes Version
1.25.6

Dotnet Runtime Version
net6

To Reproduce
Create a Kubernetes cluster with the following configuration :

cat > ./kubeadm_conf.yml <<EOF
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
  criSocket: "unix:///run/containerd/containerd.sock"

---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.25.6
clusterName: "test"
networking:
  podSubnet: "10.244.0.0/16" # --pod-network-cidr
controlPlaneEndpoint: "[PUT_YOUR_IP_ADDRESS]:6443"
apiServer:
  extraArgs:
    tls-min-version: "VersionTLS13"
EOF
sudo kubeadm init --config ./kubeadm_conf.yml --upload-certs

# Copy the configs:
mkdir -p $HOME/.kube
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Where do you run your app with Kubernetes SDK (please complete the following information):

  • OS: Windows 10
  • Environment : native
  • On prem

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions