When running on k8s 1.18.6, clusterpedia failed to run

[panpan0000]

What happened?

error message:

What did you expect to happen?

it run well

How can we reproduce it (as minimally and precisely as possible)?

1.18

Anything else we need to know?

No response

Clusterpedia Version

# replace the pod name of clusterpedia apiserver
$ kubectl -n clusterpedia-system exec {clusterpedia-apiserver-pod-name} -- apiserver --version=raw
# paste output here

# replace the pod name of clusterpedia clustersynchro-manager
$ kubectl -n clusterpedia-system exec {clustersynchro-manager-pod-name} -- clustersynchro-manager --version=raw
# paste output here

Host Kubernetes version

$ kubectl version
# paste output here

[clusterpedia-bot]

Hi @panpan0000,
Thanks for opening an issue!
We will look into it as soon as possible.

Details

Instructions for interacting with me using comments are available here.
If you have questions or suggestions related to my behavior, please file an issue against the gh-ci-bot repository.

[Iceber]

This is because the front-proxy-client.crt used by your kube-apiserver is using SHA1, it is recommended to recreate front-proxy-client.crt, SHA1 has security issues.

spec:
  containers:
  - command:
    - kube-apiserver
    - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
    - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key

golang has rejected SHA1 since 1.18 golang/go#41682, of course it is possible to use the environment variable GODEBUG=x509sha1=1 to allow sha1 certificates, but this is still insecure.

However, to be compatible with more user scenarios, we will add a value to helm to help users configure the environment variable GODEBUG=x509sha1=1.

[panpan0000]

Thx