Open miteshskj opened 2 years ago
jihoon-seo
commented
2 years ago I confirmed that this is reproducible and your suggestion LGTM. /triage accepted
I searched for "nginxsvc" in kubernetes/website repo, but found nothing. But in kubernetes/examples repo, a few strings were found.
So it seems that we have to replace all the "nginxsvc" strings with "my-nginx" in kubernetes/examples repo. 😊
miteshskj
commented
2 years ago Thanks @jihoon-seo , will send a PR to examples repo.
sftim
commented
2 years ago Maybe we should leave the examples repo as is, and update the website repo?
sftim
commented
2 years ago Duplicated by https://github.com/kubernetes/website/issues/35697
sftim
commented
2 years ago Duplicated by https://github.com/kubernetes/website/issues/34322
k8s-triage-robot
commented
1 year ago The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale is appliedlifecycle/stale was applied, lifecycle/rotten is appliedlifecycle/rotten was applied, the issue is closedYou can:
/remove-lifecycle stale/lifecycle rotten/closePlease send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
vaibhav2107
commented
1 year ago /remove-lifecycle stale
k8s-triage-robot
commented
8 months ago This issue has not been updated in over 1 year, and should be re-triaged.
You can:
/triage accepted (org members only)/closeFor more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/
/remove-triage accepted
k8s-triage-robot
commented
5 months ago The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is appliedlifecycle/stale was applied, lifecycle/rotten is appliedlifecycle/rotten was applied, the issue is closedYou can:
/remove-lifecycle stale/closePlease send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
divya-mohan0209
commented
4 months ago /remove-lifecycle stale /lifecycle frozen /triage accepted
divya-mohan0209
commented
4 months ago This is still valuable IMO.
For people who will take up the issue - please note that you need to be making changes to the k/website repo and NOT the examples repo.
/help
k8s-ci-robot
commented
4 months ago @divya-mohan0209: This request has been marked as needing help from a contributor.
Please ensure that the issue body includes answers to the following questions:
For more details on the requirements of such an issue, please see here and ensure that they are met.
If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.
ArvindParekh
commented
4 months ago I'd like to help with this. However, I noticed there's no mention of "nginxsvc" in the kubernetes/website repo, and the page at https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#securing-the-service also doesn't explicitly mention "nginxsvc". It has a few matches only in the kubernetes/examples repo.
Hence, I'm a bit confused about what changes to do in the website repo. Can you guide me more on what kind of help you're looking for? @sftim
Should I replace the occurrence of my-nginx (which would be too many - 54 on that page) with nginxsvc in the website repo to match with the examples repo, or should I just change the occurrence of nginxsvc in the example at nginx https example, as was done in PR #445, so the example matches with the next steps in the docs?
(Just for context, https://kubernetes.io/docs/tutorials/services/connect-applications-service/ links to https://github.com/kubernetes/examples/tree/master/staging/https-nginx/)
divya-mohan0209
commented
4 months ago Hi @ArvindParekh, thank you for volunteering!
The changes to be made to the k/website repo would be to replace my-nginx with nginxsvc.
Also, the 54 replacements that you mention on the page include file names. Therefore, the fix for this issue will not be through a simple find-and-replace operation. You will need to ensure that the replacement is for the relevant entries only.
Our aim is to ensure that once you make the relevant fixes to the YAML files on this page, you should be able to run kubectl exec curl-deployment-1515033274-1410r -- curl https://my-nginx/ --cacert /etc/nginx/ssl/tls.crt using both the methods specified in the description of the issue.
ArvindParekh
commented
4 months ago I understand. Thank you for helping out, Divya. I'll start working on it. /assign
In the page - https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#securing-the-service there are two methods provided, to create certificate for setting up nginx with SSL:
In method 1, the subj used is CN=nginxsvc/O=nginxsvc and in method 2 its /CN=my-nginx/O=my-nginx
Further down the document, to access the site without SSL error following command is provided: kubectl exec curl-deployment-1515033274-1410r -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt
This command works fine if the certificate is generated using method 2. However it will give following error if method 1 is used: kubectl exec curl-deployment-948555475-7mnx9 -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt curl: (51) SSL: certificate subject name 'nginxsvc' does not match target host name 'my-nginx' command terminated with exit code 51
The subj can be changed in https://github.com/kubernetes/examples/blob/master/staging/https-nginx/Makefile to match my-nginx, however I am not sure if it would impact other examples.
Any suggestions/comments?