k3s-io / kine

Run Kubernetes on MySQL, Postgres, sqlite, dqlite, not etcd.
Apache License 2.0

Add support for TLS skip verification #306

Open tuxillo opened 3 weeks ago

tuxillo commented 3 weeks ago

As mentioned here: https://github.com/k3s-io/k3s/issues/1093, it is not possible to skip TLS verification. This patch adds support for skipping it. Not sure if it's the correct approach tho :)

tuxillo commented 3 weeks ago

This is how I tested it:

No skip:

~/s/kine$ ./bin/kine --endpoint "mysql://root:root@tcp(localhost:3306)/kine" --ca-file ~/s/docker-mysql-tls/ssl/ca.pem --cert-file ~/s/docker-mysql-tls/ssl/client-cert.pem --key-file ~/s/docker-mysql-tls/ssl/client-key.pem
INFO[2024-06-16T14:45:36.513918611+02:00] metrics server is starting to listen at :8080
INFO[2024-06-16T14:45:36.51409881+02:00] starting metrics server path /metrics
WARN[2024-06-16T14:45:36.51729253+02:00] failed to check existence of database kine, going to attempt create: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match localhost
FATA[2024-06-16T14:45:36.518841498+02:00] building kine: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match localhost

Skip:

~/s/kine$ ./bin/kine --endpoint "mysql://root:root@tcp(localhost:3306)/kine" --skip-verify true --ca-file ~/s/docker-mysql-tls/ssl/ca.pem --cert-file ~/s/docker-mysql-tls/ssl/client-cert.pem --key-file ~/s/docker-mysql-tls/ssl/client-key.pem
INFO[2024-06-16T14:46:15.788047808+02:00] metrics server is starting to listen at :8080
INFO[2024-06-16T14:46:15.788228418+02:00] starting metrics server path /metrics
INFO[2024-06-16T14:46:15.78989117+02:00] Configuring mysql database connection pooling: maxIdleConns=2, maxOpenConns=0, connMaxLifetime=0s
INFO[2024-06-16T14:46:15.78994924+02:00] Configuring database table schema and indexes, this may take a moment...
INFO[2024-06-16T14:46:15.79032638+02:00] Database tables and indexes are up to date
INFO[2024-06-16T14:46:15.792272429+02:00] Kine available at http://127.0.0.1:2379