kubernetes.default.svc not among SANs in Kubernetes API serving certificate #1112

Closed
fapatel1 opened this issue Jun 8, 2021 · 2 comments

fapatel1 commented Jun 8, 2021

Pull through "kubernetes.default.svc not among SANs in Kubernetes API serving certificate" from k3s-io/k3s#3392 to master branch

@fapatel1 fapatel1 added the kind/bug Something isn't working label Jun 8, 2021
@fapatel1 fapatel1 added this to the v1.21.2+rke2r1 milestone Jun 8, 2021
@brandond brandond changed the title [release-1.21] kubernetes.default.svc not among SANs in Kubernetes API serving certificate kubernetes.default.svc not among SANs in Kubernetes API serving certificate Jun 8, 2021
brandond added a commit to brandond/rke2 that referenced this issue Jun 8, 2021
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond brandond added this to To Triage in Development [DEPRECATED] via automation Jun 9, 2021
@brandond brandond moved this from To Triage to Peer Review in Development [DEPRECATED] Jun 9, 2021
brandond added a commit to brandond/rke2 that referenced this issue Jun 9, 2021
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond added a commit to brandond/rke2 that referenced this issue Jun 11, 2021
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@cjellick cjellick moved this from Peer Review to To Test in Development [DEPRECATED] Jun 11, 2021
@cjellick
Contributor

This needs to be fixed and in on 1.20 and 1.21, both k3s and rke2. Make sure all the issues line up properly.

brandond added a commit to brandond/rke2 that referenced this issue Jun 11, 2021
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond added a commit that referenced this issue Jun 11, 2021
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@ShylajaDevadiga
Contributor

Validated using rc, v1.21.2-rc1+rke2r1
Reproduced in v1.20.7+rke2r2

$ echo QUIT | openssl s_client -connect localhost:6443 2>/dev/null | openssl x509 -noout -text |grep DNS
                DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc.cluster.local

After the fix using v1.21.2-rc1+rke2r1

$ echo QUIT | openssl s_client -connect localhost:6443 2>/dev/null | openssl x509 -noout -text |grep DNS
                DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local

From within the pod

root@nginx-deployment-66b6c48dd5-shk8r:/# curl --cacert /run/secrets/kubernetes.io/serviceaccount/ca.crt https://kubernetes.default
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "Unauthorized",
  "reason": "Unauthorized",
  "code": 401
}
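
The before/after comparison in the comment above, turned into a repeatable check. This is an added example, not part of the original issue or of the RKE2/k3s code; the names `EXPECTED_SANS`, `parse_dns_sans` and `missing_sans` are hypothetical, and the expected list assumes the names shown in the "after the fix" output.

```shell
#!/usr/bin/env bash
# Added example: exact-match SAN check for the API serving certificate.
# Function and variable names are hypothetical, not from RKE2 or k3s.

# Names expected on the certificate, taken from the "after the fix" output.
EXPECTED_SANS="kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local"

# Read `openssl x509 -noout -text` output (or only its DNS line) on stdin
# and print one DNS SAN per line. Non-DNS entries are dropped.
parse_dns_sans() {
    tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p'
}

# Print every expected name that is absent from the certificate on stdin.
# grep -Fx compares whole lines as fixed strings: "kubernetes.default.svc"
# is a substring of "kubernetes.default.svc.cluster.local", so a plain
# `grep kubernetes.default.svc` also matches the certificate without the fix.
missing_sans() {
    san_list="$(parse_dns_sans)"
    for expected in $EXPECTED_SANS; do
        printf '%s\n' "$san_list" | grep -Fxq -- "$expected" ||
            printf '%s\n' "$expected"
    done
}

# Sample input: the two DNS lines quoted in the comment above.
BEFORE_FIX='                DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc.cluster.local'
AFTER_FIX='                DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local'

printf 'v1.20.7+rke2r2 missing: %s\n' "$(printf '%s\n' "$BEFORE_FIX" | missing_sans)"
printf 'v1.21.2-rc1+rke2r1 missing: %s\n' "$(printf '%s\n' "$AFTER_FIX" | missing_sans)"

# Against a live server (same pipeline as in the comment above):
#   echo QUIT | openssl s_client -connect localhost:6443 2>/dev/null |
#       openssl x509 -noout -text | missing_sans
```

Empty output from `missing_sans` means every expected name is present, so the function can gate an upgrade or conformance check.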

Development [DEPRECATED] automation moved this from To Test to Done Issue / Merged PR Jun 22, 2021