[caasp-beta] Antw: kubeconfig download error with DEX internal server error , Login error

Rafael Fernández López rfernandezlopez at suse.de
Tue Nov 21 08:44:27 MST 2017


Hello Rushi,

On Tue, Nov 21, 2017 at 03:29:36PM +0000,  Ns, Rushi  wrote:
> Hi Martin
> 
> Thank you. Yes I did, I used load balancer IP (lvsusekub8.pal.sap.corp) which is out of the cluster node address. The host I’ve specified is not velum ip, not master ip and not any of worker ip’s.

We are studying the problem at the moment. From what I could see this is what's happening:

- When the admin node starts it generates several certificates, based on the information of
  the machine at the moment of boot (transient and static hostnames, machine attached
  IP addresses...). These hostnames get added to some initial certificates in their SAN
  extensions, as well as the attached IP addresses of the admin node.

- When you enter the internal dashboard fqdn (first field on first page of the Velum setup),
  if you enter an external name not detected by this very first step (e.g. with cloud-init
  you chose as hostname `admin`, and in this field you write `admin.my.company`), the certificate
  used by LDAP won't contain `admin.my.company`, whereas Dex will try to connect to
  the LDAP instance in the admin node using `admin.my.company:389`.

This effectively makes the TLS handshake fail, and Dex is unable to authenticate the user
against LDAP.

More information will be added to the bug report, and we'll keep you updated.


Thank you.


-- 
Cheers,
Rafa.
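
Added example, not part of the original message and not CaaSP or Dex code: a pre-flight check for the mismatch described above, deciding whether the name a client dials (such as `admin.my.company:389`) is covered by a certificate's SAN entries. The SAN text, the `10.0.0.10` address and the function names are constructed for illustration; the text format is the one printed by `openssl x509 -noout -ext subjectAltName`.

```python
import ipaddress

# Constructed sample: SAN extension of a certificate issued while the host
# only knew itself as `admin` (text form as printed by openssl).
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:admin, DNS:localhost, IP Address:10.0.0.10, IP Address:127.0.0.1
"""


def parse_san(text):
    """Return (dns_names, ip_addresses) from openssl's textual SAN output."""
    dns, ips = [], []
    for line in text.splitlines():
        for entry in line.split(","):
            kind, _, value = entry.strip().partition(":")
            if kind == "DNS":
                dns.append(value.lower())
            elif kind == "IP Address":
                ips.append(ipaddress.ip_address(value))
    return dns, ips


def dns_matches(pattern, host):
    """Exact label-by-label match; '*' is honoured only as the whole left-most label."""
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*" and len(p_labels) > 2:
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def covers(san_text, dial_target):
    """True if a TLS client dialling `host:port` would find host in the SANs."""
    host = dial_target.rsplit(":", 1)[0].strip("[]").lower().rstrip(".")
    dns, ips = parse_san(san_text)
    try:
        # IP targets are compared against iPAddress entries only.
        return ipaddress.ip_address(host) in ips
    except ValueError:
        return any(dns_matches(p, host) for p in dns)


if __name__ == "__main__":
    for target in ("admin:389", "admin.my.company:389", "10.0.0.10:389"):
        print(target, "covered" if covers(SAMPLE_SAN_TEXT, target) else "NOT covered")
```

Running the check against the configured dashboard FQDN before setup shows whether the certificate has to be reissued with that name in its SAN extension.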