K
Q

Couldn't validate certificates for *.*.compute internal hostnames in AWS

10/12/2018

I've created K8S cluster in AWS and generated certificates per each component and they can connect eachother. But while I'm trying to get logs or installing an application via Helm, i'M getting below error :

$ helm install ./.helm
Error: forwarding ports: error upgrading connection: error dialing backend: x509: certificate is valid for bla-bla-bla.eu-central-1.elb.amazonaws.com, worker-node, .*.compute.internal, *.*.compute.internal, *.ec2.internal, bla-bla-bla.eu-central-1.elb.amazonaws.com, not ip-172-20-74-98.eu-central-1.compute.internal`

and my certificate is :

X509v3 Subject Alternative Name:
DNS:bla-bla-bla.eu-central-1.elb.amazonaws.com, DNS:worker-node, DNS:.*.compute.internal, DNS:*.*.compute.internal, DNS:*.ec2.internal, DNS:bla-bla-bla.eu-central-1.elb.amazonaws.com, IP Address:172.20.32.10, IP Address:172.20.64.10, IP Address:172.20.96.10`

Thanks for your help best,

-- Muhammet Arslan
amazon-web-services
kubernetes
kubernetes-helm

Similar Questions

Does Kubernetes cache docker-registry secrets?
Recover kops Kubernetes cluster
Error while accessing Kibana UI using RBAC
Is it possible to use 'systemctl' in pod?
How to configure logs file location in newrelic.js to point to a Kubernetes volume
Setting boot disk size for autoscaling kubernetes cluster through Terraform
How to setup ExternalDNS on Microk8s cluster?
Error execution phase kubelet-start: a Node with name ... and status Ready already exists in the cluster

1 Answer

10/12/2018

Wildcard certificates can only be used for a single segment of DNS names. You will need a certificate valid for ip-172-20-74-98.eu-central-1.compute.internal or *.eu-central-1.compute.internal

-- Jordan Liggitt
Source: StackOverflow