Repository metrics
- Stars
- (4,127 stars)
- PR merge metrics
- (Avg merge 16d 13h) (160 merged PRs in 30d)
Description
In the page - https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#securing-the-service there are two methods provided, to create certificate for setting up nginx with SSL:
- Using "make keys KEY=/tmp/nginx.key CERT=/tmp/nginx.crt" inside https://github.com/kubernetes/examples/tree/master/staging/https-nginx/
- Using openssl command.
In method 1, the subj used is CN=nginxsvc/O=nginxsvc and in method 2 its /CN=my-nginx/O=my-nginx
Further down the document, to access the site without SSL error following command is provided: kubectl exec curl-deployment-1515033274-1410r -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt
This command works fine if the certificate is generated using method 2. However it will give following error if method 1 is used: kubectl exec curl-deployment-948555475-7mnx9 -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt curl: (51) SSL: certificate subject name 'nginxsvc' does not match target host name 'my-nginx' command terminated with exit code 51
The subj can be changed in https://github.com/kubernetes/examples/blob/master/staging/https-nginx/Makefile to match my-nginx, however I am not sure if it would impact other examples.
Any suggestions/comments?