UNABLE_TO_VERIFY_LEAF_SIGNATURE k8s Javascript client

Question

I am trying to programmatically connect to my AWS EKS cluster using the official k8s JavaScript Client . I wanted to try and use loadFromOptions() , instead of loadFromDefault() . So, from the README.md of the library repo, I was able to come up with the following

const k8s = require('@kubernetes/client-node');
const kc = new k8s.KubeConfig();

const cluster = {
    name: 'NAME',
    server: 'SERVER',
};
const user = {
    name: 'NAME',
    exec: {
        apiVersion: 'client.authentication.k8s.io/v1alpha1',
        args: [
            '--region',
            'us-east-1',
            'eks',
            'get-token',
            '--cluster-name',
            'NAME',
        ],
        command: 'aws',
        env: [
            {
                name: 'AWS_PROFILE',
                value: 'NAME'
            }
        ]
    }
}
const context = {
    name: 'NAME',
    user: user.name,
    cluster: cluster.name,
};

kc.loadFromOptions({
    clusters: [cluster],
    users: [user],
    contexts: [context],
    currentContext: context.name,
});

const k8sApi = kc.makeApiClient(k8s.CoreV1Api);

k8sApi.listNamespacedPod('default').then((res) => {
    console.log(res.body);
});

But unfortunately, I am hit with this error, where am I going wrong?

Answer 1

The error message is complaining that it does not know the cluster's certificate issuer.
Your cluster object needs one of the following properties to specify the certificate authority:

• caFile : Filename containing the certificate authority
• caData : Base64-encoded contents of the certificate authority file

According to the AWS documentation , you should be able to retrieve the certificate authority as "the certificateAuthority.data that was created for your cluster".