Wrong certificate name when using cert manager and Istio #163

zs-ko · 2023-04-18T16:36:45Z

When using cert-manager to provision node and client certificates the nodes tries to use node.0.0.0.0:7200 for their certificate names, but should rather be using node name instead of rpc address. Only when istio is enabled

if [[ $sameRootCA -eq 0 ]]; then
            echo "Refreshing tls certs at /opt/certs/yugabyte/";
            cp /home/yugabyte/cert-manager/tls.crt /opt/certs/yugabyte/node.0.0.0.0:7100.crt;
            cp /home/yugabyte/cert-manager/tls.key /opt/certs/yugabyte/node.0.0.0.0:7100.key;

this could be used instead and it would resolve the problem
$(HOSTNAME).yugabyte-yb-masters.$(NAMESPACE).svc.cluster.local:7100.crt/key

To fix this issue for now i had to add the following to values

 gflags:
  master:
    cert_node_filename: 0.0.0.0:7100
  tserver:
    cert_node_filename: 0.0.0.0:7100

The text was updated successfully, but these errors were encountered:

iSignal · 2023-04-18T16:56:42Z

Thanks for the report @zs-ko ! cc @bhavin192 @baba230896

zs-ko changed the title ~~Wrong certificate name when using cert manager~~ Wrong certificate name when using cert manager and Istio Apr 18, 2023

iSignal assigned bhavin192 Apr 18, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wrong certificate name when using cert manager and Istio #163

Wrong certificate name when using cert manager and Istio #163

zs-ko commented Apr 18, 2023 •

edited

iSignal commented Apr 18, 2023

Wrong certificate name when using cert manager and Istio #163

Wrong certificate name when using cert manager and Istio #163

Comments

zs-ko commented Apr 18, 2023 • edited

iSignal commented Apr 18, 2023

zs-ko commented Apr 18, 2023 •

edited