x509 - cannot parse dnsName

[markeijsermans]

The current version v0.3.0 on quay.io is compiled with a version of golang that is causing issues with intermediary certs. This effects people running prometheus-operator from the generated manifests

Logs from the proxy running in a node-exporter pod:

config.go:330] Expected to load root CA config from /var/run/secrets/kubernetes.io/serviceaccount/ca.crt, but got err: error reading /var/run/secrets/kubernetes.io/serviceaccount/ca.crt: x509: cannot parse dnsName "Self-Signed Root CA for all Dev Kubernetes Clusters"

The golang issue: golang/go#23995 (comment)

As a result Kubernetes go client has experienced these issues: kubernetes/client-go#371.

I can confirm rebuilding kube-rbac-proxy with make container (now using go v1.10.3) fixes the issue.

Tested on Kubernetes version:

Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.3", GitCommit:"2bba0127d85d5a46ab4b778548be28623b32d0b0", GitTreeState:"clean", BuildDate:"2018-05-21T09:05:37Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

[brancz]

Thanks for this issue! I will re-compile and release a new version to get this fixed.

[brancz]

Released and pushed v0.3.1 and images are available under:

• quay.io/brancz/kube-rbac-proxy:v0.3.1
• quay.io/coreos/kube-rbac-proxy:v0.3.1

Again, thanks a lot for reporting this. I'll also submit a PR for kube-prometheus to bump to this version.