Score:0

Oracle Cloud Native Environment setup with Vault failed on validating host names in certificate


I'm setting up an OLCNE environment with HashiCorp Vault PKI. I successfully installed the agent and set up Vault, and the certificates were generated, but during module creation I get an error that the host name does not match the certificates. What am I doing wrong? Inspecting the certificates shows that the SANs are set only as 127.0.0.1, but there is no option to set a custom DNS name as a SAN; there is only the ability to set an IP, which does not work when, during module setup, I have provided the nodes with FQDNs rather than IPs.

Mikołaj Głodziak
Which version of Kubernetes did you use and how did you set up the cluster? Could you attach your Kubernetes config files? What exactly did you do inside Kubernetes? Do you have some logs / errors?

OLCNE is an operator that sets up k8s clusters. I'm using the default config for the latest version of OLCNE; here is the documentation for that: https://docs.oracle.com/en/operating-systems/olcne/index.html
Score:1

This is happening for me as well: FATAL[09/03/22 09:20:45] Could not create environment: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is not valid for any names, but wanted to match "

It doesn't matter if I supply --vault-cert-sans.

Vault is set up per the documentation to allow IP SANs, not require CN, and to allow any name.

olcnectl can successfully request a cert, but the cert is invalid based on what it requests.

Score:0

As a workaround I manually created certs in Vault and put them on the k8s hosts. But it should be done by OLCNE; does it work for anyone?
