Open przemeklal opened 2 weeks ago
Thank you for reporting us your feedback!
The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-6417.
This message was autogenerated
This is a valid bug. That being said, the configuration tls-secret-id is an alternative which, contrary to what is mentioned in the README, is not going to be dropped in newer versions (relevant issue: https://github.com/canonical/istio-operators/issues/536).
Bug Description
Hi,
I configured csr-domain-name in istio-pilot and related it to manual-tls-certificates. When I run juju run manual-tls-certificates/leader get-outstanding-certificate-requests, the generated CSR incorrectly includes the Kubernetes service FQDN:
The inclusion of svc.cluster.local type of domains in the CSR is not supported by 3rd party CAs, such as Let's Encrypt:
The expected behavior is using the same address (csr-domain-name) in the CN and SAN fields (or even omitting CN completely).
Other charms, such as Traefik, behave correctly; please see an example CSR generated using the same steps:
To Reproduce
Environment
Relevant Log Output
Additional Context
No response
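A pre-submission check for the condition reported above, added here as an example and not taken from the issue, the charm or its maintainers: it reads the text printed by openssl req -noout -text for a CSR and lists every CN or DNS SAN entry that is cluster-internal or differs from the configured csr-domain-name. The hostnames, the sample text and the function names are constructed for illustration, and the default cluster domain cluster.local is assumed.

```python
import re

# Suffixes that only resolve inside a Kubernetes cluster (assumes the default
# cluster domain "cluster.local"); a public CA cannot validate them.
INTERNAL_SUFFIXES = (".svc.cluster.local", ".cluster.local", ".svc")

def csr_names(openssl_text):
    """Return (cn, [dns_sans]) parsed from `openssl req -noout -text` output."""
    cn = None
    subject = re.search(r"^\s*Subject:(.*)$", openssl_text, re.M)
    if subject:
        m = re.search(r"CN\s*=\s*([^,/\n]+)", subject.group(1))
        cn = m.group(1).strip() if m else None
    return cn, re.findall(r"DNS:([^,\s]+)", openssl_text)

def check_csr(openssl_text, expected_domain):
    """Return reasons the CSR does not match expected_domain ([] means OK)."""
    cn, sans = csr_names(openssl_text)
    expected = expected_domain.lower()
    problems = []
    # A missing CN is accepted; every name that is present must match.
    for field, name in ([("CN", cn)] if cn else []) + [("SAN", s) for s in sans]:
        lname = name.lower().rstrip(".")
        if lname.endswith(INTERNAL_SUFFIXES):
            problems.append(f"{field} {name}: cluster-internal name")
        elif lname != expected:
            problems.append(f"{field} {name}: not the configured domain")
    if expected not in [s.lower().rstrip(".") for s in sans]:
        problems.append(f"SAN is missing {expected_domain}")
    return problems

# Constructed sample text (not from the issue): hostnames are placeholders.
BAD_CSR_TEXT = """Certificate Request:
    Data:
        Subject: CN = istio-pilot.kubeflow.svc.cluster.local
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:kubeflow.example.com, DNS:istio-pilot.kubeflow.svc.cluster.local
"""
GOOD_CSR_TEXT = BAD_CSR_TEXT.replace(
    "istio-pilot.kubeflow.svc.cluster.local", "kubeflow.example.com")

if __name__ == "__main__":
    for label, text in (("bad", BAD_CSR_TEXT), ("good", GOOD_CSR_TEXT)):
        print(label, check_csr(text, "kubeflow.example.com") or "OK")
```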