UNABLE_TO_VERIFY_LEAF_SIGNATURE k8s Javascript client

I am trying to programmatically connect to my AWS EKS cluster using the official k8s JavaScript Client. I wanted to try and use loadFromOptions(), instead of loadFromDefault(). So, from the README.md of the library repo, I was able to come up with the following

const k8s = require('@kubernetes/client-node');
const kc = new k8s.KubeConfig();

const cluster = {
    name: 'NAME',
    server: 'SERVER',
};
const user = {
    name: 'NAME',
    exec: {
        apiVersion: 'client.authentication.k8s.io/v1alpha1',
        args: [
            '--region',
            'us-east-1',
            'eks',
            'get-token',
            '--cluster-name',
            'NAME',
        ],
        command: 'aws',
        env: [
            {
                name: 'AWS_PROFILE',
                value: 'NAME'
            }
        ]
    }
}
const context = {
    name: 'NAME',
    user: user.name,
    cluster: cluster.name,
};

kc.loadFromOptions({
    clusters: [cluster],
    users: [user],
    contexts: [context],
    currentContext: context.name,
});

const k8sApi = kc.makeApiClient(k8s.CoreV1Api);

k8sApi.listNamespacedPod('default').then((res) => {
    console.log(res.body);
});

But unfortunately, I am hit with this error, where am I going wrong?

error

Answer

The error message is complaining that it does not know the cluster’s certificate issuer.
Your cluster object needs one of the following properties to specify the certificate authority:

  • caFile: Filename containing the certificate authority
  • caData: Base64-encoded contents of the certificate authority file

According to the AWS documentation, you should be able to retrieve the certificate authority as “the certificateAuthority.data that was created for your cluster”.

Source: stackoverflow
The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .