dexidp / dex

OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors
https://dexidp.io
Apache License 2.0

Dex is not working after adding new certificate for kube apiserver #1211

Open sujithvs-dev opened 6 years ago

sujithvs-dev commented 6 years ago

We have updated the kube apiserver with a new cert; after this, dex is not starting up. It is throwing the error below. We need help configuring dex with the new apiserver cert CA and endpoint.

```
time="2018-03-26T18:17:47Z" level=error msg="creating custom resource authcodes.dex.coreos.com: Post https://10.96.0.1:443/apis/apiextensions.k8s.io/v1beta1/customresourcedefinitions: x509: cannot validate certificate for 10.96.0.1 because it doesn't contain any IP SANs"
failed to initialize server: server: failed to list connector objects from storage: failed to list connectors: Get https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/auth/connectors: x509: cannot validate certificate for 10.96.0.1 because it doesn't contain any IP SAN
```

Smana commented 6 years ago

Hi! Do you use the option `--oidc-ca-file=/etc/ssl/certs/ca.pem` of the kube apiserver?

sujithvs-dev commented 6 years ago

I have it already, and dex was working well before adding the new cert for the apiserver.

Now the apiserver is running with a different CA certificate, and when dex tries to communicate with it using the apiserver pod IP and port, it fails. How can I pass the apiserver endpoint and CA file to dex?

apiserver parameters - ` - --oidc-issuer-url=https://dex.k8s.example.com:8443/dex

My kubeconfig file -

`apiVersion: v1 clusters: