Skip to content

x509: certificate relies on legacy Common Name field #22

@myspotontheweb

Description

@myspotontheweb

Describe the bug/feature

Mutating webhook throws the following error when submitting the valid nginx example:

$ kubectl apply -f tests/k8s/nginx_deployment.yml
Error from server (InternalError): error when creating "tests/k8s/nginx_deployment.yml": Internal error occurred: failed calling webhook "tesoro-admission-controller.tesoro.svc": Post "https://tesoro-admission-controller.tesoro.svc:443/mutate?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

To Reproduce

I am evaluating Tesoro so was following the instructions:

  1. Use latest version of minikube to start a cluster
$ minikube start
😄  minikube v1.15.1 on Ubuntu 18.04
✨  Using the docker driver based on user configuration
👍  Starting control plane node minikube in cluster minikube
🔥  Creating docker container (CPUs=2, Memory=3900MB) ...
🐳  Preparing Kubernetes v1.19.4 on Docker 19.03.13 ...
🔎  Verifying Kubernetes components...
🌟  Enabled addons: storage-provisioner, default-storageclass
🏄  Done! kubectl is now configured to use "minikube" cluster and "default" namespace by default
  1. Clone the tesoro
git clone git@github.com:kapicorp/tesoro.git
  1. Run the commands in the instructions
kubectl apply -f k8s/clusterrole.yaml
kubectl apply -f k8s/clusterrolebinding.yaml
kubectl apply -f k8s/tesoro_namespace.yaml
kubectl -n tesoro apply -f k8s/tesoro_secret.yaml
kubectl -n tesoro apply -f k8s/tesoro_service.yaml
kubectl -n tesoro apply -f k8s/tesoro_deployment.yaml

Wait for pods to start

kubectl apply -f k8s/tesoro_mutatingwebhook.yaml

Test failed

$ kubectl apply -f tests/k8s/nginx_deployment.yml
Error from server (InternalError): error when creating "tests/k8s/nginx_deployment.yml": Internal error occurred: failed calling webhook "tesoro-admission-controller.tesoro.svc": Post "https://tesoro-admission-controller.tesoro.svc:443/mutate?timeout=30s": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Expected behavior

Expected example to work

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions