Why does my Kubernetes certificate still show DNS Name=ingress.local in the browser?

11/8/2021

I am installing GitLab with Helm. I have created the certificate in Kubernetes with the commands below.

However, when I run the helm install and enter the address in the browser (ip-address.nip.io), I still get the "Your connection is not private" message. I have installed the certificate to my Trusted Root Certificate Authority.

When I inspect the certificate details from the browser, I see that it still shows the Subject Alternative Name -> DNS Name=ingress.local

I am unable to get my endpoint of ip-address.nip.io from the browser, and that is the goal.

K8s certificate

cat <<EOF | cfssl genkey - | cfssljson -bare server
{
  "hosts": [
    "<ip-address>.nip.io",
    "registry.<ip-address>.nip.io",
    "gitlab.<ip-address>.nip.io",
    "minio.<ip-address>.nip.io"
  ],
  "CN": "<ip-address>.nip.io",
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}
EOF
cat <<EOF | kubectl apply -f -
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: <ip-address>.nip.io
spec:
  request: $(cat server.csr | base64 | tr -d '\n')
  usages:
  - digital signature
  - key encipherment
  - server auth
EOF

kubectl certificate approve <ip-address>.nip.io

kubectl get csr <ip-address>.nip.io -o jsonpath='{.status.certificate}' | base64 --decode > server.crt

kubectl create secret tls <secret-name> --key server-key.pem --cert server.crt
-- eagercoder
gitlab
kubernetes
kubernetes-ingress
ssl-certificate
x509certificate

1 Answer

11/8/2021

Check that your ingress hosts config and secrets are getting set properly.

spec:
  tls:
  - secretName: cert-secret
    hosts:
    - app.dev.example.com    # <---- this entry should match below
  - secretName: dev-wildcard-tls-cert
    hosts:
    - "*.app.example.com"    # <---- this entry should match below

  rules:
  - host: app.dev.example.com   # <---- this entry should match
    http:
      paths:
      - path: /
        backend:
          serviceName: service-2
          servicePort: 80
  - host: "*.app.example.com"   # <---- this entry should match
    http:
      paths:
      - path: /
        backend:
          serviceName: service-1
          servicePort: 80
-- Harsh Manvar
Source: StackOverflow
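
The matching check the answer describes, as an added example (not code from the question, the answer or any project): it takes an Ingress in the JSON form that `kubectl get ingress <name> -o json` prints and reports every `rules[].host` that no `tls` entry covers, or whose secret's certificate has no SAN for it. The manifest, host names, secret name and SAN list are constructed placeholders, and the SANs are assumed to have been read from each secret's certificate beforehand.

```python
import json

# Constructed sample: an Ingress as `kubectl get ingress <name> -o json` prints it,
# trimmed to the checked fields. Host and secret names are placeholders.
INGRESS_JSON = """
{"spec": {
  "tls": [{"secretName": "gitlab-tls",
           "hosts": ["gitlab.192.0.2.10.nip.io", "registry.192.0.2.10.nip.io"]}],
  "rules": [{"host": "gitlab.192.0.2.10.nip.io"},
            {"host": "registry.192.0.2.10.nip.io"},
            {"host": "minio.192.0.2.10.nip.io"}]
}}
"""
# Constructed: DNS SANs read beforehand from the certificate in each TLS secret.
SECRET_SANS = {"gitlab-tls": ["gitlab.192.0.2.10.nip.io"]}

OK, NO_TLS, NO_SECRET, NO_SAN = "ok", "no tls entry", "secret missing", "SAN missing"


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard standing for exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == pattern[2:]
    return pattern == host


def check_ingress(ingress, secret_sans):
    """Map each rules[].host to OK or to the reason its certificate will not match."""
    spec, report = ingress["spec"], {}
    for rule in spec.get("rules", []):
        host = rule.get("host", "")
        report[host] = NO_TLS
        for entry in spec.get("tls", []):
            if not any(name_matches(h, host) for h in entry.get("hosts", [])):
                continue
            sans = secret_sans.get(entry.get("secretName"))
            if sans is None:
                report[host] = NO_SECRET
            elif any(name_matches(s, host) for s in sans):
                report[host] = OK
            else:
                report[host] = NO_SAN
            break
    return report


if __name__ == "__main__":
    for host, status in check_ingress(json.loads(INGRESS_JSON), SECRET_SANS).items():
        print(f"{host}: {status}")
```

With ingress-nginx, a host that has no usable certificate is served the controller's built-in default certificate, which is the one carrying the `ingress.local` SAN.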