Environmental Info:
RKE2 Version:
rke2 version v1.23.4+rke2r1 (ea0e129)
go version go1.17.5b7
Node(s) CPU architecture, OS, and Version:
Linux mw-rg24-gc 5.4.0-124-generic #140-Ubuntu SMP Thu Aug 4 02:23:37 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Cluster Configuration:
1 node setup
Describe the bug:
I am trying to integrate keycloak as an OIDC provider with rke2 kube-apiserver. Kube-apiserver is throwing x509 errors while trying to connect to the issuer url.
Steps To Reproduce:
Installed RKE2:
Installed rke2 with: curl -sfL https://get.rke2.io | INSTALL_RKE2_CHANNEL=v1.23.4+rke2r1 sh -
and config:
[root ~]# cat /etc/rancher/rke2/config.yaml
tls-san:
  - 192.168.203.125
  - keycloak.gc.svc.cluster.local
  - mw-rg24-gc
Expected behavior:
At least the communication with the OIDC issuer should start when the certs are signed by the common CA.
Actual behavior:
The api-server is failing to validate the cert.
You haven't included the actual error message that you're seeing; can you include the error logs in question?
Working only from your description this sounds like a problem with the certificate on your keycloak server, as opposed to anything wrong with RKE2. Ensure that the certificate has all the correct SANs on it.
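The SAN check mentioned in the comment above, as an added example (not code from the issue or from RKE2): kube-apiserver is a Go program, and Go's `crypto/x509` verification rejects a server certificate that chains to a trusted CA when the host being dialed is not among its SANs. The CA, keys and the helper names `check` and `verifyIssuerHost` are constructed for illustration; the hostnames are borrowed from the config in the report, and which of them the issuer URL actually uses is an assumption.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// verifyIssuerHost issues a server certificate carrying the given DNS SANs under a
// throwaway CA (all constructed sample data), trusts that CA, and verifies for host.
func verifyIssuerHost(sans []string, host string) error {
	from, to := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "sample-ca"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey)
	check(err)
	caCert, err := x509.ParseCertificate(caDER)
	check(err)
	pub, _, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: sans, NotBefore: from, NotAfter: to,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, pub, caKey)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	// Two independent checks: the chain must reach a trusted root AND host must match a SAN.
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	sans := []string{"keycloak.gc.svc.cluster.local"}
	fmt.Println(verifyIssuerHost(sans, "keycloak.gc.svc.cluster.local"), "|", verifyIssuerHost(sans, "mw-rg24-gc"))
}
```

A shared CA only satisfies the first check; the second passes only when the hostname in the issuer URL appears as a SAN on the Keycloak certificate.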