Kubectl not working with warp not working

Hi, we are trying to get rid of AWS VPN and use Cloudflare WARP to access AWS EKS via kubectl from a terminal window.

We set it up based on a few docos, but it is still not working.
Here is our setup for each part:

  1. cloudflared deployment created within AWS EKS cluster with tunnel token
  2. tunnel created
  3. hostname setting within tunnel
  4. .kube/config cluster updated to: localhost:9876

cloudflared access tcp --hostname eks-cluster.dev.spriggy.net.au --url 127.0.0.1:9876 --log-level=debug

When executing kubectl version, it returns the following:

Client Version: v1.30.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Unable to connect to the server: tls: failed to verify certificate: x509: certificate is valid for 172.20.x.x, 10.80.xxx.xxx, 172.16.1xx.xxx, not 127.0.0.1.

I searched within the community; topics were either closed without correct answers or had no answers.
Looking forward to some insights.

Hi @jing

Some users have been able to bypass this issue by enabling No TLS Verify for their tunnel.

You can find this menu by going to your Zero Trust dashboard > Networks > Tunnels > [yourtunnel] > Public Hostname tab. Select HTTPS and the TLS submenu option will appear. There you can enable No TLS Verify.

Hi,

Thanks for your reply.

I do think we need a TCP connection for the EKS cluster based on docos, such as this one: https://developers.cloudflare.com/cloudflare-one/tutorials/kubectl/. There is no such option for a TCP connection to turn off TLS verify.

However, I tried this No TLS Verify. It could not solve the problem for the HTTPS connection.

It returns the error:

couldn’t get current server API group list: Get “https://127.0.0.1:9876/api?timeout=32s”: read tcp 127.0.0.1:64928->127.0.0.1:9876: read: connection reset by peer - error from a previous attempt: read tcp 127.0.0.1:64922->127.0.0.1:9876: read: connection reset by peer

couldn’t get current server API group list: Get “https://127.0.0.1:9876/api?timeout=32s”: read tcp 127.0.0.1:65002->127.0.0.1:9876: read: connection reset by peer - error from a previous attempt: read tcp 127.0.0.1:64999->127.0.0.1:9876: read: connection reset by peer

couldn’t get current server API group list: Get “https://127.0.0.1:9876/api?timeout=32s”: read tcp 127.0.0.1:65084->127.0.0.1:9876: read: connection reset by peer - error from a previous attempt: read tcp 127.0.0.1:65080->127.0.0.1:9876: read: connection reset by peer

Regards,
Jing
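
The x509 error in the first post is a name check, not a tunnel failure: kubectl dials 127.0.0.1, and an IP literal is compared only against the certificate's IP SANs. The sketch below is an added example, not code from the thread or from Cloudflare. It models that check and shows how the kubeconfig `tls-server-name` field changes the name being verified without turning verification off. The SAN values, including the DNS name `kubernetes`, are constructed assumptions, since the real ones are masked in the post.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed SAN list for illustration; the real values are masked in the thread.
CERT_SANS = {
    "ip": ["172.20.0.1", "10.80.1.10"],
    "dns": ["kubernetes", "kubernetes.default.svc", "*.eks.example.invalid"],
}

def name_to_verify(cluster):
    """Name the client checks: tls-server-name if set, else the host in `server`."""
    return cluster.get("tls-server-name") or urlsplit(cluster["server"]).hostname

def _dns_match(pattern, host):
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the entire leftmost label.
    return all(a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))

def san_matches(name, sans):
    """IP literals are compared against IP SANs only; other names against DNS SANs."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        return any(_dns_match(p, name) for p in sans["dns"])
    return any(ipaddress.ip_address(s) == ip for s in sans["ip"])

def check(cluster, sans=CERT_SANS):
    """Return (name that gets verified, whether the certificate covers it)."""
    name = name_to_verify(cluster)
    return name, san_matches(name, sans)

# The setup from the thread: kubeconfig points at the local cloudflared listener.
via_tunnel = {"server": "https://127.0.0.1:9876"}
# Same listener, but the verified name is pinned to one the certificate carries
# ("kubernetes" is an assumed SAN; use a name from the real certificate).
pinned = dict(via_tunnel, **{"tls-server-name": "kubernetes"})

if __name__ == "__main__":
    for label, cluster in (("via_tunnel", via_tunnel), ("pinned", pinned)):
        print(label, check(cluster))
```

The `pinned` entry still validates the certificate chain and name, which a No TLS Verify style setting does not.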