K
Q

Helm - Error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

9/9/2019

I am getting below error when I install helm with TLS. I applied the given solution here: https://helm.sh/docs/tiller_ssl/#troubleshooting but, still it's not working.

Error: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

generating SSL files:

openssl req -x509 -newkey rsa:4096 -sha256 -keyout helm.ca.key.pem -out helm.ca.cert.pem -subj "/C=CA/ST=St/L=Ms/O=Fi/OU=Dp/CN=tiller" -days 7200 -extensions v3_ca -nodes
openssl genrsa -out ./helm.tiller.key.pem 4096
openssl genrsa -out ./helm.client.key.pem 4096
openssl req -key helm.tiller.key.pem -new -sha256 -out helm.tiller.csr.pem -subj "/C=CA/ST=St/L=Ms/O=Fi/OU=Dp/CN=tiller-server"
openssl req -key helm.client.key.pem -new -sha256 -out helm.client.csr.pem -subj "/C=CA/ST=St/L=Ms/O=Fi/OU=Dp/CN=helm"

echo subjectAltName=IP:127.0.0.1 > extfile.cnf
openssl x509 -req -CA helm.ca.cert.pem -CAkey helm.ca.key.pem -CAcreateserial -in helm.tiller.csr.pem -out helm.tiller.cert.pem -days 1800 -extfile extfile.cnf
openssl x509 -req -CA helm.ca.cert.pem -CAkey helm.ca.key.pem -CAcreateserial -in helm.client.csr.pem -out helm.client.cert.pem  -days 1800 -extfile extfile.cnf

helm init:

helm init --tiller-tls --tiller-tls-cert ./helm.tiller.cert.pem --tiller-tls-key ./helm.tiller.key.pem --tiller-tls-verify --tls-ca-cert helm.ca.cert.pem
kubectl -n kube-system wait --for=condition=Ready pod -l name=tiller --timeout=300s
helm ls --tls --tls-ca-cert ./helm.ca.cert.pem --tls-cert ./helm.client.cert.pem --tls-key ./helm.client.key.pem
-- Ronak Patel
helm-tls
kubernetes-helm
ssl

Similar Questions

Fail to connect the GKE with GCE on the same VPC?
How to create additional istio ingress gateway?
How to setup one Redis cluster across multiple Kubernetes cluster
Disk Usage in kubernetes pod
error starting docker daemon on ubuntu 14.04 (Devices cgroup isn't mounted)

0 Answers