middleware icon indicating copy to clipboard operation
middleware copied to clipboard

Published 20 hours ago verified publisher icon truenas

NAS-118197 / 22.12 / Fix k3s logs/exec issue

Open Qubad786 opened this issue 2 years ago • 1 comments

Problem

With recent upgrade of kubernetes, k3s logs could not be viewed and neither would exec work for pods with kubernetes complaining about SSL certificate not containing explicit node IP.

Solution

K3s generates SSL certificates itself required for functioning of kubernetes but it only by default adds the node IP to the certificate. For users who have selected wildcard ( 0.0.0.0 ) in the settings, the SSL certificate will have a SAN entry for 0.0.0.0 only but the actual node IP would be some IP on one of the interfaces of the system.. This results in failure to see logs or exec in pods. Proposed workflow is to provide all available ips to k3s so it adds explicit SAN entries for each IP available and then for cases like where we are using wildcard IP, the SSL certificate of kubernetes would still contain the actual node IP and users can access logs or exec pods.

Qubad786 avatar Sep 15 '22 16:09 Qubad786

Jira URL: https://ixsystems.atlassian.net/browse/NAS-118197

bugclerk avatar Sep 15 '22 16:09 bugclerk