Unable to start meshery after installing it

Meshery
1

Following error is coming up after installing meshery and unable to start meshery on kubernetes:

Starting Meshery...
⣻ Deploying Meshery on KubernetesError: failed to start Meshery
See https://docs.meshery.io/reference/mesheryctl/system for usage details
: could not install meshery server: Kubernetes cluster unreachable: Get "https://192.168.49.2:8443/version": tls: failed to verify certificate: x509: certificate signed by unknown authority
could not install meshery-operator: Kubernetes cluster unreachable: Get "https://192.168.49.2:8443/version": tls: failed to verify certificate: x509: certificate signed by unknown authority

Does anyone knows the solution of the error.

2

@Yana_Gupta I got this error before, if you are using ubuntu (or any linux distribution), your certificate of minikube (assuming you’re using minikube) isn’t authorized in your system i try following step, I hope it will work.

  1. copy .minikube/ca.crt in trusted certificates directory sudo cp ~/.minikube/ca.crt /usr/local/share/ca-certificates/

  2. update ca-certificates sudo update-ca-certificates

if you’re not using minikube then find path of your ca.crt you might find it in kubeconfig file.

Thank you.

3 Likes
3

Thanks @Zaki_Shaikh for you help.

4

@Yana_Gupta

In the docs, you’ll find an extra step that would require you to minify your kubeconfig for Minikube env.

kubectl config view --minify --flatten > config_minikube.yaml

Reference: Minikube | Meshery

That should fix that tls: failed to verify certificate: x509: error

5

There is an old thread on this topic that suggests remediations for this situation.

1 Like
6

For me the issue is resolved when I went to ~/.kube/config and changed certificate-authority-data, client-certificate-data, client-key-data previously the value of these where pointed out in folder structure after the minikube start command when I ran this command kubectl config view --minify --flatten > config_minikube.yaml it replaced the folder path to the actual path in the config_minikube.yaml I copied them and replaced in the ~/.kube/config file and then ran the mesheryctl system start then the in-cluster installation is successful.

2 Likes
7

For CentOS/Fedora users:

  1. copy .minikube/ca.crt in trusted certificates directory
sudo cp ~/.minikube/ca.crt /etc/pki/ca-trust/source/anchors/
  1. update ca-certificates
sudo update-ca-trust

My kubectl version(fyi):

Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.27.4
8

@Sankalp where do these steps breakdown? Minikube | Meshery

9

Actually, I was able to resolve the x509: error by doing the above so just added that.

1 Like