GithubHelp home page GithubHelp logo

Comments (3)

maraino avatar maraino commented on June 26, 2024 1

X509 certificates distinguish IPs and DNS names; you can add any of them, and depending on what they are, we add it as a DNS or an IP subject alternative name.

from helm-charts.

maraino avatar maraino commented on June 26, 2024

Hi @xinbinhuang, you can do a couple of things to fix that error. You can add localhost or 127.0.0.1 to inject.config.files["ca.json"].dnsNames so the CA certificate includes localhost as a valid name, or alternatively you can add an entry to /etc/hosts file like

127.0.0.1 <release-name>.<namespace>.svc.cluster.local

I recommend you the first option.

from helm-charts.

xinbinhuang avatar xinbinhuang commented on June 26, 2024

Thank you! It seems that I made a mistake to think that "localhost" and "127.0.0.1" are equal from step-ca 's perspective while it's not. So I added both to dnsNames , and now I can resolve to either.

Here is more details on reproducing the original issue in case someone stumbles on this in the future

# port forward pod
kubectl port-forward pod/<step-certiticates-pod-name> 9000:9000

# bootstrap local configs and certs
step ca bootstrap ...

# this works
step ca provisioner list --ca-url 127.0.0.1:9000
> [ ... ]

# this doesn't work
step ca provisioner list --ca-url localhost:9000
> error getting the provisioners: client GET https://localhost:9000/provisioners?limit=100 failed: Get "https://localhost:9000/provisioners?limit=100": x509: certificate is valid for <...>.svc.cluster.local, not localhost

from helm-charts.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.