tidb-operator Failed to start PD when `cert-allowed-cn` is more than one

trafficstars

[2020/03/20 03:48:17.941 +00:00] [INFO] [server.go:220] ["PD Config"] [config="{\"client-urls\":\"https://0.0.0.0:2379\",\"peer-urls\":\"https://0.0.0.0:2380\",\"advertise-client-urls\":\"https://cluster-tls-pd-0.cluster-tls-pd-peer.cluster-tls.svc:2379\",\"advertise-peer-urls\":\"https://cluster-tls-pd-0.cluster-tls-pd-peer.cluster-tls.svc:2380\",\"name\":\"cluster-tls-pd-0\",\"data-dir\":\"/var/lib/pd\",\"force-new-cluster\":false,\"enable-grpc-gateway\":true,\"initial-cluster\":\"cluster-tls-pd-0=https://cluster-tls-pd-0.cluster-tls-pd-peer.cluster-tls.svc:2380\",\"initial-cluster-state\":\"new\",\"join\":\"\",\"lease\":3,\"log\":{\"level\":\"\",\"format\":\"text\",\"disable-timestamp\":false,\"file\":{\"filename\":\"\",\"max-size\":0,\"max-days\":0,\"max-backups\":0},\"development\":false,\"disable-caller\":false,\"disable-stacktrace\":false,\"disable-error-verbose\":true,\"sampling\":null},\"log-file\":\"\",\"log-level\":\"\",\"tso-save-interval\":\"3s\",\"metric\":{\"job\":\"cluster-tls-pd-0\",\"address\":\"\",\"interval\":\"15s\"},\"schedule\":{\"max-snapshot-count\":3,\"max-pending-peer-count\":16,\"max-merge-region-size\":20,\"max-merge-region-keys\":200000,\"split-merge-interval\":\"1h0m0s\",\"enable-one-way-merge\":\"false\",\"enable-cross-table-merge\":\"false\",\"patrol-region-interval\":\"100ms\",\"max-store-down-time\":\"30m0s\",\"leader-schedule-limit\":4,\"leader-schedule-policy\":\"count\",\"region-schedule-limit\":2048,\"replica-schedule-limit\":64,\"merge-schedule-limit\":8,\"hot-region-schedule-limit\":4,\"hot-region-cache-hits-threshold\":3,\"store-balance-rate\":15,\"tolerant-size-ratio\":0,\"low-space-ratio\":0.8,\"high-space-ratio\":0.6,\"scheduler-max-waiting-operator\":5,\"enable-remove-down-replica\":\"true\",\"enable-replace-offline-replica\":\"true\",\"enable-make-up-replica\":\"true\",\"enable-remove-extra-replica\":\"true\",\"enable-location-replacement\":\"true\",\"enable-debug-metrics\":\"false\",\"schedulers-v2\":[{\"type\":\"balance-region\",\"args\":null,\"disable\":false,\"args-payload\":\"\"},{\"type\":\"balance-leader\",\"args\":null,\"disable\":false,\"args-payload\":\"\"},{\"type\":\"hot-region\",\"args\":null,\"disable\":false,\"args-payload\":\"\"},{\"type\":\"label\",\"args\":null,\"disable\":false,\"args-payload\":\"\"}],\"schedulers-payload\":null,\"store-limit-mode\":\"manual\"},\"replication\":{\"max-replicas\":3,\"location-labels\":\"\",\"strictly-match-label\":\"false\",\"enable-placement-rules\":\"false\"},\"pd-server\":{\"use-region-storage\":\"true\",\"max-reset-ts-gap\":86400000000000,\"key-type\":\"table\",\"runtime-services\":\"\",\"metric-storage\":\"\"},\"cluster-version\":\"0.0.0\",\"quota-backend-bytes\":\"8GiB\",\"auto-compaction-mode\":\"periodic\",\"auto-compaction-retention-v2\":\"1h\",\"TickInterval\":\"500ms\",\"ElectionInterval\":\"3s\",\"PreVote\":true,\"security\":{\"cacert-path\":\"/var/lib/pd-tls/ca.crt\",\"cert-path\":\"/var/lib/pd-tls/tls.crt\",\"key-path\":\"/var/lib/pd-tls/tls.key\",\"client-cert-auth\":false,\"cert-allowed-cn\":[\"xxx\",\"yyy\"]},\"label-property\":null,\"WarningMsgs\":null,\"DisableStrictReconfigCheck\":false,\"HeartbeatStreamBindInterval\":\"1m0s\",\"LeaderPriorityCheckInterval\":\"1m0s\",\"enable-dynamic-config\":true,\"EnableDashboard\":true}"]
[2020/03/20 03:48:17.942 +00:00] [FATAL] [main.go:103] ["create server failed"] [error="Currently only supports one CN"] [stack="github.com/pingcap/log.Fatal\n\t/home/jenkins/agent/workspace/build_pd_multi_branch_master/go/pkg/mod/github.com/pingcap/[email protected]/global.go:59\nmain.main\n\t/home/jenkins/agent/workspace/build_pd_multi_branch_master/go/src/github.com/pingcap/pd/cmd/pd-server/main.go:103\nruntime.main\n\t/usr/local/go/src/runtime/proc.go:203"]

If the PD's cert-allowed-cn parameter is passed multiple values, the PD will exit directly. Is it necessary to modify it to take only the first value and ignore the other values? @tennix PTAL