search

mmumshad / kubernetes-the-hard-way

Bootstrap Kubernetes the hard way on Vagrant on Local Machine. No scripts.
Apache License 2.0
4.6k stars 4.48k forks source link

Issue generating API Server CSR #299

Closed poojadalal closed 1 year ago

poojadalal commented 1 year ago

Section - 04-certificate-authority - The Kubernetes API Server Certificate

openssl genrsa -out kube-apiserver.key 2048

openssl req -new -key kube-apiserver.key \ -subj "/CN=kube-apiserver/O=Kubernetes" -out kube-apiserver.csr -config openssl.cnf

I'm getting the below error, not sure if I have missed anything. Is this something you can help me with?

Error checking request extension section v3_req 4027C361C07F0000:error:11000076:X509 V3 routines:a2i_GENERAL_NAME:bad ip address:../crypto/x509/v3_san.c:556:value= 4027C361C07F0000:error:11000080:X509 V3 routines:X509V3_EXT_nconf_int:error in extension:../crypto/x509/v3_conf.c:48:section=v3_req, name=subjectAltName, value=@alt_names

ramzi-afli commented 1 year ago

@poojadalal I also had this issue , the way to solve it is to hard code all ip addresses it will look something like this : cat > openssl.cnf <<EOF [req] req_extensions = v3_req distinguished_name = req_distinguished_name [req_distinguished_name] [v3_req] basicConstraints = critical, CA:FALSE keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] DNS.1 = kubernetes DNS.2 = kubernetes.default DNS.3 = kubernetes.default.svc DNS.4 = kubernetes.default.svc.cluster DNS.5 = kubernetes.default.svc.cluster.local IP.1 = 10.96.0.1 IP.2 = 192.168.56.11 IP.3 = 192.168.56.12 IP.4 = 192.168.56.30 IP.5 = 127.0.0.1 EOF

poojadalal commented 1 year ago

Not sure how I missed this, but thanks for the help! it is now working for me

ramzi-afli commented 1 year ago

@poojadalal please close this issue !!

poojadalal commented 1 year ago

marking this resolved, the issue is resolved with IP addresses