Closed creckord closed 4 years ago
This seems related to #208 and the change in #225. I couldn't really make heads or tails of what's happening there, or I would have tried to provide a PR.
Recent refactors make this trivial to add:
Help wanted!
@tstromberg I looked into this and it seems that the line you mentioned in certs.go is quite far away from the docker certificate logic in
https://github.com/kubernetes/minikube/blob/b94d673ae2704efe82141aba2c0511eed0e05b32/pkg/provision/provision.go#L105
The auth options where you could define the SANs are also not close to the k8s bootstrap logic
https://github.com/kubernetes/minikube/blob/b94d673ae2704efe82141aba2c0511eed0e05b32/pkg/minikube/machine/client.go#L104-L112
An easier way could be to add "minikube" and the machineName in provision.go#105, the first one so that one always works and the second one as it also seems reasonable to me if you have multiple minikube VMs to talk to them by their profile name.
What do you think about this?
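The hostname mismatch reported in this issue, and the effect of adding "minikube" and a profile name to the SANs, as an added example that is not part of the thread and not minikube's code. The certificate is a constructed self-signed stand-in for the Docker daemon certificate, and `dev-profile` is a hypothetical profile name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// must aborts the demo on a setup error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newServerCert builds a self-signed server certificate with the given DNS SANs.
func newServerCert(dnsSANs ...string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     dnsSANs,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// missingSANs returns the names in want that a TLS client would reject for cert.
func missingSANs(cert *x509.Certificate, want []string) []string {
	var missing []string
	for _, name := range want {
		if err := cert.VerifyHostname(name); err != nil {
			missing = append(missing, name)
		}
	}
	return missing
}

func main() {
	want := []string{"localhost", "minikube", "dev-profile"} // constructed names
	before, after := newServerCert("localhost"), newServerCert(want...)
	fmt.Println("localhost only:", missingSANs(before, want), "| extended:", missingSANs(after, want))
}
```

The same `missingSANs` check can be run against a parsed copy of the daemon's real server certificate to confirm which names a client may use.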
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale
@linkvt Seems like a reasonable approach to me, feel free to open a PR.
/remove-lifecycle stale
/assign
Hi!
We have a Minikube setup using VirtualBox, where we create/start the cluster with --apiserver-name=minikube through a start script that puts the cluster ip into the local hosts file for the minikube name. This lets us configure the K8s connection using the stable name instead of the potentially changing IP in a lot of places where we can't easily perform dynamic configuration using minikube ip and friends.
This works pretty well for the K8s / kubectl side of things, but unfortunately it breaks when we try to do the same for the Docker daemon. This is because the generated server certificate is lacking all the alternative name records that the k8s apiserver.crt has.
Apiserver Certificate:
Docker Daemon Certificate:
Expected: A certificate with the same alternative names as the apiserver, or at least with DNS:minikube.
The exact command to reproduce the issue:
Setup:
Docker issue:
The full output of the command that failed:
error during connect: Get https://minikube:2376/v1.40/images/json: x509: certificate is valid for localhost, not minikube
The output of the minikube logs command: