charts icon indicating copy to clipboard operation
charts copied to clipboard

Published 20 hours ago verified publisher icon yugabyte

Wrong certificate name when using cert manager and Istio

Open zs-ko opened this issue 1 year ago • 1 comments

When using cert-manager to provision node and client certificates the nodes tries to use node.0.0.0.0:7200 for their certificate names, but should rather be using node name instead of rpc address. Only when istio is enabled

if [[ $sameRootCA -eq 0 ]]; then
            echo "Refreshing tls certs at /opt/certs/yugabyte/";
            cp /home/yugabyte/cert-manager/tls.crt /opt/certs/yugabyte/node.0.0.0.0:7100.crt;
            cp /home/yugabyte/cert-manager/tls.key /opt/certs/yugabyte/node.0.0.0.0:7100.key;

this could be used instead and it would resolve the problem $(HOSTNAME).yugabyte-yb-masters.$(NAMESPACE).svc.cluster.local:7100.crt/key

To fix this issue for now i had to add the following to values

 gflags:
  master:
    cert_node_filename: 0.0.0.0:7100
  tserver:
    cert_node_filename: 0.0.0.0:7100

zs-ko avatar Apr 18 '23 16:04 zs-ko

Thanks for the report @zs-ko ! cc @bhavin192 @baba230896

iSignal avatar Apr 18 '23 16:04 iSignal