Skip to content
This repository has been archived by the owner on Aug 25, 2021. It is now read-only.

Add pod IP to IP SANS of client certs #805

Merged
merged 1 commit into from
Feb 4, 2021
Merged

Add pod IP to IP SANS of client certs #805

merged 1 commit into from
Feb 4, 2021

Conversation

lkysow
Copy link
Member

@lkysow lkysow commented Feb 3, 2021
edited
Loading

  • So cert is valid if calling client via pod IP rather than host IP.
  • Also add the host IP as a meta value to the client agent since this
    information is not available through Consul right now.

How I've tested this PR:

  • As part of pod deregistration. I got cert errors and then using this branch I did not.

How I expect reviewers to test this PR:

  • Can test manually by bringing up consul with/without autoencrypt and using openssl to view the certs or you can trust the config

Checklist:

  • Bats tests added
  • CHANGELOG entry added (HashiCorp engineers only, community PRs should not add a changelog entry)

@lkysow
Add pod IP to IP SANS of client certs
1886748 
* So cert is valid if calling client via pod IP rather than host IP.
* Also add the host IP as a meta value to the client agent since this
information is not available through Consul right now.
@lkysow lkysow marked this pull request as ready for review February 4, 2021 00:37
@lkysow lkysow requested review from a team, ndhanushkodi and thisisnotashwin and removed request for a team February 4, 2021 00:37
thisisnotashwin
thisisnotashwin approved these changes Feb 4, 2021
View reviewed changes
Copy link

@thisisnotashwin thisisnotashwin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Trusting the config 🟢

ndhanushkodi
ndhanushkodi approved these changes Feb 4, 2021
View reviewed changes
Copy link
Contributor

@ndhanushkodi ndhanushkodi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Were folks running into this (was there a GH issue to maybe resolve)?

@lkysow
Copy link
Member Author

lkysow commented Feb 4, 2021

Looks great! Were folks running into this (was there a GH issue to maybe resolve)?

No one ran into it but me :D

@lkysow lkysow merged commit 3fabe29 into master Feb 4, 2021
@lkysow lkysow deleted the pod-ip-sans branch February 4, 2021 18:37
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ndhanushkodi ndhanushkodi ndhanushkodi approved these changes

@thisisnotashwin thisisnotashwin thisisnotashwin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lkysow @ndhanushkodi @thisisnotashwin