Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Denies when hostname is not the dns name #76

Closed
challapradyumna opened this issue Aug 2, 2022 · 2 comments · Fixed by #87
Closed

Denies when hostname is not the dns name #76

challapradyumna opened this issue Aug 2, 2022 · 2 comments · Fixed by #87

Comments

@challapradyumna
Copy link

We explicity change the hostname of the box to a different naming convention the certificates get rejected because of this reason.

The SAN DNS Name in the x509 CSR is not prefixed by the node name (hostname)
@clementnuss
Copy link
Contributor

Ok, never thought about that use case.

I will implement a new command line flag to toggle this check 👍🏼

clementnuss added a commit that referenced this issue Aug 23, 2022
relates to #76
[skip ci]
clementnuss added a commit that referenced this issue Aug 23, 2022
@clementnuss
Copy link
Contributor

hi @challapradyumna 👋🏻
I've implemented a config flag that permits to bypass the dns name is prefixed with the hostname check.

can you try the following image and report whether it works for you ?
postfinance/kubelet-csr-approver:bypass-hostname-check

clementnuss added a commit that referenced this issue Aug 29, 2022
relates to #76
[skip ci]
clementnuss added a commit that referenced this issue Aug 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants