request-cert allows you to pass an invalid username on its command line (./request-cert -user foo_bar or ./request-cert -user foo-bar). In both cases the CSR will be created and can be approved, however:
foo_bar:
When it comes time to save the foo_bar certificate secret K8S rejects it with the error:
2019/07/03 23:29:18 could not store secrets: Secret "default.client.foo_bar" is invalid: metadata.name: Invalid value: "default.client.foo_bar": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
request-cert allows you to pass an invalid username on its command line (
./request-cert -user foo_baror./request-cert -user foo-bar). In both cases the CSR will be created and can be approved, however:foo_bar:
When it comes time to save the foo_bar certificate secret K8S rejects it with the error:
foo-bar:
Dashes are not allowed in cockroachdb usernames.