0

I'm setting up an OLCNE environment with HashiCorp Vault PKI. I successfully installed the agent and set up Vault, and certificates were generated, but during module creation I get an error that the host name does not match the certificates. What am I doing wrong? Inspecting the certificates shows that the SANs are set only to 127.0.0.1, but there is no option to set a custom DNS name as a SAN; there is only the ability to set an IP, which does not work when I have provided the nodes by FQDN rather than by IP while setting up the module.

  • Which version of Kubernetes did you use and how did you set up the cluster? Could you attach your Kubernetes config files? What exactly did you do inside Kubernetes? Do you have some logs / errors? – Mikołaj Głodziak Feb 25 '22 at 10:07
  • OLCNE is an operator that sets up k8s clusters. I'm using the default config for the latest version of OLCNE; here is the documentation for it: https://docs.oracle.com/en/operating-systems/olcne/index.html – Adam Wyżgoł Feb 25 '22 at 17:33

2 Answers

1

This is happening for me as well: FATAL[09/03/22 09:20:45] Could not create environment: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is not valid for any names, but wanted to match "

It doesn't matter if I supply --vault-cert-sans.

Vault is set up per the documentation to allow IP SANs, not require CN, and to allow any name.

olcnectl can successfully request a cert, but the cert is invalid based on what it requests.

0

As a workaround I manually created certs in Vault and put them on the k8s hosts. But it should be done by OLCNE; does it work for anyone?