I have a pretty simple Terraform configuration that simply creates a cluster in Google Cloud.
The first "terraform apply" creates the cluster as expected; any subsequent changes to the configuration get greeted with:
x509: <cluster_ip> certificate is not standards compliant
E.g. Error: Get "https://<cluster_ip>/api/v1/namespaces/hub": x509: “<cluster_ip>” certificate is not standards compliant
It looks like on an update, Terraform will query the cluster resources to compare states, and at that point the error occurs.
I upgraded versions for Terraform, now using 1.5.0, and Kubernetes, now using 1.25.9 in client, 1.25.8 on cluster.
I also created the cluster in different regions, and on different OSes (macOS, Linux) and machines.
I also tried to get the certificate from the cluster and add it to my machine's certificates as a trusted one; basically I followed this: https://jhooq.com/x509-certificate-signed/ but no luck.
I'm not sure what the underlying problem is, but here is a workaround:
https://jhooq.com/x509-certificate-signed/
To summarize: you get the problematic certificate in .crt format, either by saving it with your browser or with the openssl command:
openssl s_client -connect registry.terraform.io:443 2>/dev/null </dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Load and add the certificate to your OS certificate store and trust it.
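
An added example, not part of the original answer: the same openssl step wrapped so that only the server's own certificate is saved and its subject, issuer, validity and fingerprint can be reviewed before it is trusted. The function names, the sample transcript and the idea of comparing against a fingerprint obtained separately are assumptions made for illustration.

```shell
# Added example (not from the original answer). Function names and the sample
# transcript are constructed for illustration.

# Constructed stand-in for `openssl s_client -showcerts` output; the base64
# bodies are placeholders, not real certificates.
sample_s_client_output() {
cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:CN = constructed.example
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = constructed-ca.example
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
EOF
}

# Print only the first PEM block on stdin (the server's own certificate).
# The sed range in the answer prints every block when a chain is shown.
extract_leaf_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Save the certificate presented by <host:port> to <out.crt>. Nothing is
# verified at this point, so treat the file as untrusted until reviewed.
fetch_leaf_cert() {
  openssl s_client -connect "$1" 2>/dev/null </dev/null | extract_leaf_pem > "$2"
  [ -s "$2" ]
}

# Show subject, issuer, validity window and SHA-256 fingerprint of <file.crt>.
cert_summary() {
  openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# Succeed only if <file.crt> has the SHA-256 fingerprint <expected>
# (hex, colons optional), e.g. a value obtained from a separate channel.
cert_matches() {
  got=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f')
  want=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
  [ -n "$got" ] && [ "$got" = "$want" ]
}
```

Typical use is `fetch_leaf_cert <host:port> leaf.crt`, then `cert_summary leaf.crt`, and only after that review the import into the OS store.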