| mbruzek | bdx: there is an extra SANS section to the cert that you can specify. you will have to look at the code, but you may be able to insert the fqdn in the extra sans (if it is not already). | 00:01 |
|---|---|---|
| mbruzek | bdx: to view the cert you can run a command to introspect the certificate or key. | 00:05 |
| mbruzek | openssl x509 -text -in /usr/local/share/ca-certificates/easyrsa.crt | 00:05 |
| mbruzek | bdx: The section you want to look for is X509v3 Subject Alternative Name | 00:09 |
| mbruzek | openssl x509 -text -in /var/lib/juju/agents/unit-easyrsa-0/charm/EasyRSA-3.0.1/pki/issued/kubernetes-master_0.crt | 00:10 |
| bdx | mbruzek: so, I was able to get my fqdn into the certs by specifying it here https://jujucharms.com/u/containers/kubernetes-master/11#charm-config-dns_domain, then just setting the A record pointing to the master to kubernetes.mydomain.com | 00:11 |
| mbruzek | oh yeah | 00:11 |
| mbruzek | That | 00:11 |
| bdx | the kubernetes charm will append the dns_name config to "kubernetes." | 00:12 |
| mbruzek | Do that then! | 00:12 |
| bdx | mbruzek: I did, but then I was still blocked by "unauthorized authority" error .... then I found the '--ssl-verify' option | 00:12 |
| bdx | which I set to false | 00:13 |
| bdx | and I now seem to be able to reach the endpoint successfully, but hit another trapped door :/ | 00:14 |
| bdx | https://imgur.com/a/6IMya | 00:15 |
| bdx | mbruzek: thanks for your insight there | 00:19 |
| catbus1 | stokachu: Hi, conjure-up imports ubuntu .root.tar.gz images for novakvm, shouldn't it be ubuntu -disk1.img? | 00:50 |
| catbus1 | https://github.com/conjure-up/spells/blob/master/openstack-base/steps/share/glance.sh | 00:50 |
| catbus1 | https://jujucharms.com/openstack-base/ | 00:51 |
| catbus1 | or is it the lxd images will work on kvm machines as well? | 00:52 |
| === ken is now known as Guest85087 | ||
| === ayan is now known as GoosGoarch | ||
| ElikseN | NUDNO | 20:10 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!