Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

master: teleport --insecure doesn't actually skip cert verification on startup #2040

Closed
mumoshu opened this issue Jun 23, 2018 · 5 comments
Closed

master: teleport --insecure doesn't actually skip cert verification on startup #2040

mumoshu opened this issue Jun 23, 2018 · 5 comments
Labels
documentation
Milestone
Docs sprint: Feb ...

Comments

@mumoshu
Copy link
Contributor

mumoshu commented Jun 23, 2018

What happened:

I'm unable to make teleport --insecure as expected according to its own log message.

That is, teleport --insecure fails like https://gist.github.com/mumoshu/2e345a8106704301394354155cff27d2 even though I do have the --insecure flag passed to teleport:

spec:
    containers:
    - args:
      - --insecure
      image: quay.io/gravitational/teleport-ent:2.7.0-alpha.3

Notice the part of the message that made me thing this should work:

If you know the certificate is self-signed and would like to ignore this
error use the --insecure flag.

What you expected to happen:

teleport --insecure doesn't fail to start when the proxy_service.https_cert_file is self-signed.

How to reproduce it (as minimally and precisely as possible):

Use the helm chart proposed in #2014 and install teleport by running cd example/charts/teleport; helm upgrade --install teleport ./

Environment:

  • Teleport version (use teleport version): 2.7.0-alpha.3
  • Tsh version (use tsh version): 2.7.0-alpha.3 (built from the HEAD of Idiomatic helm chart for Teleport #2014)
  • OS (e.g. from /etc/os-release): macOS High Sierra
  • kubectl: v1.10.5
  • Kubernetes: v1.10.0 on minikube v0.28.0

Browser environment

  • Browser Version (for UI-related issues):
  • Install tools:
  • Others:

Relevant Debug Logs If Applicable

  • tsh --debug
  • teleport --debug
@kontsevoy
Copy link
Contributor

@mumoshu that "insecure" flag is not for tsh clients. This flag is used for connecting two clusters together, i.e. when one teleport daemon is connecting to another teleport daemon.

@klizhentas can confirm. If true, I propose we close this (and update the docs).

@mumoshu
Copy link
Contributor Author

mumoshu commented Jun 25, 2018

@kontsevoy Good to know! Thanks. But anyway you can reproduce this without tsh at all, as there's no tsh involved in the reproduction steps.

@kontsevoy
Copy link
Contributor

hm... that's not right. we'll take a look. thanks.

@one000mph one000mph mentioned this issue Oct 2, 2019
Closed
4 tasks
@inertial-frame inertial-frame mentioned this issue Jun 17, 2021
Closed
@mumoshu
Copy link
Contributor Author

mumoshu commented Feb 5, 2022

As far as I remember, it's just that I added --insecure because teleport told me to do so. teleport didn't work even though I've added --insecure as told, hence I created this issue. Now, this is marked as a documentation issue, which seems to imply that the behavior is intended, right?
Then I'm fine closing this :)

@mumoshu mumoshu closed this as completed Feb 5, 2022
@nmcc1212
Copy link

nmcc1212 commented Feb 7, 2022

i still have this issue and there seems to be no way to solve it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
Docs sprint: Feb 28 - Mar 11, 2022
Development

No branches or pull requests
4 participants
@mumoshu @kontsevoy @ptgott @nmcc1212