[Release-1.26] - --tls-san should accept a comma-separated list, in addition to repeated use of the flag #7396

Closed
dereknola opened this issue May 2, 2023 · 1 comment

@dereknola

Backport fix for --tls-san should accept a comma-separated list, in addition to repeated use of the flag

@bguzman-3pillar

Validated on commit 743a0dd804ef97dfedafb9c527194f78ceb37891

$ k3s -v
k3s version v1.26.4+k3s-743a0dd8 (743a0dd8)
go version go1.19.8

Environment Details

Infrastructure

  • Cloud
  • Hosted

Node(s) CPU architecture, OS, and Version:

$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Cluster Configuration:

1 server

Config.yaml:

$ cat config.yaml
write-kubeconfig-mode: 644
debug: true
token: testingcr
cluster-init: true
prefer-bundled-bin: true

Testing Steps

  1. Copy config.yaml
$ sudo mkdir -p /etc/rancher/k3s && sudo cp config.yaml /etc/rancher/k3s
  2. Install k3s passing --tls-san flag
  3. Get openssl x509 running
$ sudo openssl x509 -in /var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt -noout -text | grep "Subject Alternative" -A1

Validation Results:

$ curl -sfL https://get.k3s.io | INSTALL_K3S_COMMIT=743a0dd804ef97dfedafb9c527194f78ceb37891 INSTALL_K3S_EXEC="server --tls-san "192.168.255.255,172.31.255.255,10.255.255.255"" sh -

$ sudo openssl x509 -in /var/lib/rancher/k3s/server/tls/serving-kube-apiserver.crt -noout -text | grep "Subject Alternative" -A1
            X509v3 Subject Alternative Name: 
                DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, DNS:ip-172-31-38-238, IP Address:192.168.255.255, IP Address:172.31.255.255, IP Address:10.255.255.255, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, IP Address:172.31.38.238, IP Address:10.43.0.1


$ kubectl get node,pod -A 
NAME                    STATUS   ROLES                  AGE   VERSION
node/ip-172-31-38-238   Ready    control-plane,master   10m   v1.26.4+k3s-743a0dd8

NAMESPACE     NAME                                          READY   STATUS      RESTARTS   AGE
kube-system   pod/coredns-59b4f5bbd5-584sr                  1/1     Running     0          10m
kube-system   pod/local-path-provisioner-76d776f6f9-6qgdq   1/1     Running     0          10m
kube-system   pod/helm-install-traefik-crd-n7k5p            0/1     Completed   0          10m
kube-system   pod/svclb-traefik-87cadbf4-7fxhm              2/2     Running     0          9m46s
kube-system   pod/helm-install-traefik-45p82                0/1     Completed   1          10m
kube-system   pod/traefik-56b8c5fb5c-qp6p2                  1/1     Running     0          9m46s
kube-system   pod/metrics-server-7b67f64457-wpldf           1/1     Running     0          10m
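
The SAN comparison from the validation above as a scripted whole-entry check. This is an added example, not part of the original comment or the k3s project. `missing_sans` and `SAMPLE_SAN` are hypothetical names, and the sample line is constructed from the openssl output shown in the comment.

```shell
#!/bin/sh
# Added example: report which entries of a comma-separated --tls-san value
# are absent from a certificate's Subject Alternative Name line.
# To feed it a real certificate, take the last line of the page's command:
#   san=$(sudo openssl x509 -in <cert> -noout -text |
#         grep "Subject Alternative" -A1 | tail -n 1)

# Constructed sample, shortened from the output in the comment above.
SAMPLE_SAN='   DNS:kubernetes, DNS:kubernetes.default, DNS:localhost, IP Address:192.168.255.255, IP Address:172.31.255.255, IP Address:10.255.255.255, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1'

# missing_sans SAN_LINE EXPECTED_CSV
# Prints every expected entry that is not in SAN_LINE, one per line.
# Exit status is 0 when nothing is missing and 1 otherwise.
# The body runs in a subshell so the IFS and globbing changes stay local.
missing_sans() (
    san_line=$1
    expected_csv=$2
    rc=0
    # One SAN item per line, with surrounding whitespace stripped.
    items=$(printf '%s\n' "$san_line" | tr ',' '\n' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    IFS=','
    set -f    # no filename expansion while splitting the expected list
    for want in $expected_csv; do
        want=$(printf '%s' "$want" | tr -d '[:space:]')
        [ -n "$want" ] || continue
        # Assumption: a value with a colon, or made only of digits and dots,
        # is an IP SAN; everything else is a DNS SAN. IPv6 is compared
        # literally, and openssl prints it expanded (0:0:0:0:0:0:0:1).
        case $want in
            *:*)        want="IP Address:$want" ;;
            *[!0-9.]*)  want="DNS:$want" ;;
            *)          want="IP Address:$want" ;;
        esac
        # -F -x matches the whole item as a fixed string, so 10.255.255.25
        # is not accepted because 10.255.255.255 happens to be present.
        if ! printf '%s\n' "$items" | grep -Fxq -- "$want"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ]
)
```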
