lens icon indicating copy to clipboard operation
lens copied to clipboard

Published 20 hours ago verified publisher icon lensapp

IPv6 try to resolve as DNS

Open Dominic1DL opened this issue 2 years ago • 6 comments

Describe the bug I have an K0s cluster with only IPv6 for Public IPs. Wenn I try to connect with the Cluster I get an error with the TLS. Error: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: XXXX. is not in the cert's altnames: DNS [XXXX:XXXX:XXXX:XXXX:XXXX::XXXX], DNS:localhost, IP Address:127.0.0.1

To Reproduce Steps to reproduce the behavior:

  1. Connect with a Cluster over IPv6

Expected behavior The TLS Cert should be Valid. The IPv6 Address should be checkt kompletly and not only one part of the IPv6

Environment (please complete the following information):

  • Lens Version: 5.5.4-latest.20220609.2
  • OS: Manjaro/Debian
  • Installation method (e.g. snap or AppImage in Linux): Pacman/apt

Logs:

Kubeconfig:

Dominic1DL avatar Jun 27 '22 18:06 Dominic1DL

If you run kubectl proxy in your terminal, can you connect via that exposed local port?

Nokel81 avatar Jul 04 '22 13:07 Nokel81

Yes with kubectl proxy i can connect with the cluster. Nice to know never used kubectl proxy befor.

Dominic1DL avatar Jul 04 '22 16:07 Dominic1DL

What version of kubectl are you using?

Nokel81 avatar Jul 04 '22 16:07 Nokel81

kubectl version: Client Version: v1.24.2 Kustomize Version: v4.5.4

Dominic1DL avatar Jul 04 '22 16:07 Dominic1DL

So i figured something out. url.Parse() returns IPv6 addresses without [] arround them (in res.hostname). but httpProxy.ServerOptions seams to need [] arround the IPv6 address. a hotFix I did for my selfe was to add

if (headers.Host.includes(":")) {
      headers.Host = "[" + headers.Host + "]"
}

into main/context-handler/context-hamdler.ts:~160 if youre want I could fork the Projekt and provide this solution as PR

Dominic1DL avatar Jul 26 '22 18:07 Dominic1DL

sure

Nokel81 avatar Jul 26 '22 18:07 Nokel81