Open miteshskj opened 2 years ago
I confirmed that this is reproducible and your suggestion LGTM. /triage accepted
I searched for "nginxsvc" in kubernetes/website repo, but found nothing. But in kubernetes/examples repo, a few strings were found.
So it seems that we have to replace all the "nginxsvc" strings with "my-nginx" in kubernetes/examples repo. 😊
Thanks @jihoon-seo , will send a PR to examples repo.
Maybe we should leave the examples repo as is, and update the website repo?
Duplicated by https://github.com/kubernetes/website/issues/35697
Duplicated by https://github.com/kubernetes/website/issues/34322
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
This issue has not been updated in over 1 year, and should be re-triaged.
You can:
/triage accepted (org members only)
/close
For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/
/remove-triage accepted
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale /lifecycle frozen /triage accepted
This is still valuable IMO.
For people who will take up the issue - please note that you need to be making changes to the k/website repo and NOT the examples repo.
/help
@divya-mohan0209: This request has been marked as needing help from a contributor.
Please ensure that the issue body includes answers to the following questions:
For more details on the requirements of such an issue, please see here and ensure that they are met.
If this request no longer meets these requirements, the label can be removed by commenting with the /remove-help command.
I'd like to help with this. However, I noticed there's no mention of "nginxsvc" in the kubernetes/website repo, and the page at https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#securing-the-service also doesn't explicitly mention "nginxsvc". It has a few matches only in the kubernetes/examples repo.
Hence, I'm a bit confused about what changes to do in the website repo. Can you guide me more on what kind of help you're looking for? @sftim
Should I replace the occurrence of my-nginx (which would be too many - 54 on that page) with nginxsvc in the website repo to match with the examples repo, or should I just change the occurrence of nginxsvc in the example at nginx https example, as was done in PR #445, so the example matches with the next steps in the docs?
(Just for context, https://kubernetes.io/docs/tutorials/services/connect-applications-service/ links to https://github.com/kubernetes/examples/tree/master/staging/https-nginx/)
Hi @ArvindParekh, thank you for volunteering!
The changes to be made to the k/website repo would be to replace my-nginx with nginxsvc.
Also, the 54 replacements that you mention on the page include file names. Therefore, the fix for this issue will not be through a simple find-and-replace operation. You will need to ensure that the replacement is for the relevant entries only.
Our aim is to ensure that once you make the relevant fixes to the YAML files on this page, you should be able to run kubectl exec curl-deployment-1515033274-1410r -- curl https://my-nginx/ --cacert /etc/nginx/ssl/tls.crt using both the methods specified in the description of the issue.
I understand. Thank you for helping out, Divya. I'll start working on it. /assign
On the page https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/#securing-the-service there are two methods provided to create a certificate for setting up nginx with SSL:
In method 1, the subj used is CN=nginxsvc/O=nginxsvc and in method 2 it's /CN=my-nginx/O=my-nginx
Further down the document, to access the site without an SSL error, the following command is provided:
kubectl exec curl-deployment-1515033274-1410r -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt
This command works fine if the certificate is generated using method 2. However, it will give the following error if method 1 is used:
kubectl exec curl-deployment-948555475-7mnx9 -- curl https://my-nginx --cacert /etc/nginx/ssl/tls.crt
curl: (51) SSL: certificate subject name 'nginxsvc' does not match target host name 'my-nginx'
command terminated with exit code 51
The subj can be changed in https://github.com/kubernetes/examples/blob/master/staging/https-nginx/Makefile to match my-nginx; however, I am not sure if it would impact other examples.
Any suggestions/comments?
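The mismatch reported above can be reproduced locally without a cluster. The following is an added example, not part of the original issue or the Kubernetes docs: it issues a throwaway self-signed certificate for each subject and asks openssl whether it is valid for a given host name. The function names and temp-dir layout are assumptions; the method 1 subject is written with a leading slash, as openssl's -subj requires.

```shell
#!/bin/sh
# Added example: why a cert issued for CN=nginxsvc is rejected for https://my-nginx.
# Function names are illustrative, not taken from the Kubernetes docs or Makefile.

# make_cert SUBJECT OUTDIR: create a short-lived self-signed cert and key.
make_cert() {
    openssl req -x509 -nodes -days 1 -newkey rsa:2048 \
        -keyout "$2/tls.key" -out "$2/tls.crt" -subj "$1" >/dev/null 2>&1
}

# cert_matches_host CERT HOST: succeed only if the cert is valid for HOST.
# openssl reports the result as text ("does match" / "does NOT match").
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# check_subject SUBJECT HOST: print "match" or "mismatch".
# Returns 2 if the certificate could not be generated.
check_subject() {
    dir=$(mktemp -d) || return 2
    if ! make_cert "$1" "$dir"; then
        rm -rf "$dir"
        return 2
    fi
    if cert_matches_host "$dir/tls.crt" "$2"; then
        result=match
    else
        result=mismatch
    fi
    rm -rf "$dir"
    echo "$result"
}

# Method 1 subject against the Service name used by the curl command.
echo "method 1 vs my-nginx: $(check_subject '/CN=nginxsvc/O=nginxsvc' my-nginx)"
# Method 2 subject against the same Service name.
echo "method 2 vs my-nginx: $(check_subject '/CN=my-nginx/O=my-nginx' my-nginx)"
```

Running the same check against tls.crt before creating the Secret catches this class of error earlier than curl's exit code 51 inside the pod.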