Open YC opened 2 months ago
@buehler, I checked the old Bouncy Castle generator + CLI command, and it looks like this issue would have been in there too. I think there is an inconsistency between the default name in the kustomization after generation vs the one given to the certificates during generation.
Hey @ian-buse and @YC
You are correct. This is an issue with the generated SAN. However, the *.svc should actually cover the wrongly named one. Nonetheless it is an error and should be fixed.
Describe the bug
The first SAN in svc.pem does not seem to match the name of the service.
To reproduce
examples\WebhookOperator directory
KubeOps.Cli.exe gen operator namepassedin --out config
kubectl kustomize config/ -o combined.yaml
svc.pem, when viewed with openssl:
Expected behavior
I believe the first SAN should be namepassedin-operator.namepassedin-system.svc. Also, I wonder if the other 2 are needed? I think the second should cover the first, and the third may not be needed?
Screenshots
No response
Additional Context
Reproduced in: v9.1.1
Relevant Code: https://github.com/buehler/dotnet-operator-sdk/blob/v9.1.1/src/KubeOps.Cli/Commands/Generator/OperatorGenerator.cs#L82 https://github.com/buehler/dotnet-operator-sdk/blob/v9.1.1/src/KubeOps.Operator.Web/Certificates/CertificateGenerator.cs#L143-L145
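An added example (not part of the issue thread or of the KubeOps code base): a small checker for whether the Service name the issue expects, namepassedin-operator.namepassedin-system.svc, is covered by a certificate's DNS SANs. It assumes single-label wildcard matching in the style of RFC 6125; the SAN list is constructed for illustration because the openssl output is not on the page, and all function names are hypothetical.

```python
# Added example: checks DNS SAN coverage for a webhook Service name.
# Function names are hypothetical; the SAN list below is constructed.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(pattern: str, host: str) -> bool:
    """Match one DNS SAN against a host name.

    Assumption: RFC 6125 style matching, where '*' is only honoured as
    the whole left-most label and stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(host)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def covering_sans(sans: list[str], host: str) -> list[str]:
    """Return the SAN entries that cover host, in certificate order."""
    return [s for s in sans if san_matches(s, host)]


def service_host(service: str, namespace: str) -> str:
    """Name the issue expects as first SAN: <service>.<namespace>.svc."""
    return f"{service}.{namespace}.svc"


# Service and namespace after kustomize, taken from the expected SAN in the issue.
EXPECTED = service_host("namepassedin-operator", "namepassedin-system")

# Constructed SAN list (the real openssl output is not on the page).
CONSTRUCTED_SANS = [
    "placeholder-name.namepassedin-system.svc",  # stand-in for a misnamed entry
    "*.namepassedin-system.svc",
    "*.svc",
]

if __name__ == "__main__":
    print("expected host:", EXPECTED)
    for san in CONSTRUCTED_SANS:
        print(f"  {san:45} covers host: {san_matches(san, EXPECTED)}")
    print("covered by:", covering_sans(CONSTRUCTED_SANS, EXPECTED))
```

To run it against a real certificate, replace the constructed list with the DNS entries printed by `openssl x509 -in svc.pem -noout -ext subjectAltName`.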