-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Never approve CSR if --bypass-dns-resolution is specified #253
Comments
Ran into the same issue now |
Same |
#253 Signed-off-by: Clément Nussbaumer <[email protected]>
#253 Signed-off-by: Clément Nussbaumer <[email protected]>
issue #253 Signed-off-by: Clément Nussbaumer <[email protected]>
hi! really sorry for the bug introduced while resolving #250 🤦🏼 I've now made the code simpler, with a proper early exit when bypassDNSResolution is true. I've also added a testcase covering this issue. can someone try the following image and report on whether the fix works on their side ?
|
Thanks for the quick fix! I checked it with helm chart 1.2.0 by setting |
release v1.2.1 with the fix is out. sorry for the inconvenience, and hoping everything settles down 🙃 |
After updating to 1.2.0, the following error message appeared and CSRs were not approved.
In my environment, the node name cannot be resolved by DNS, so I specify
--bypass-dns-resolution
.I checked the source, and the IP addresses of the SAN are checked against
resolvedIPSet
here, howeverresolvedIPSet
contains only the IP addresses resolved here by DNS.So, I think the check will always fail if
--bypass-dns-resolution
is specified.The text was updated successfully, but these errors were encountered: