Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubelet uses self-signed serving certs #486

Closed
mfojtik opened this issue Oct 18, 2018 · 4 comments
Closed

kubelet uses self-signed serving certs #486

mfojtik opened this issue Oct 18, 2018 · 4 comments
Assignees
@sjenning

Comments

@mfojtik
Copy link
Contributor

mfojtik commented Oct 18, 2018

After #420 merged, we are not setting the ca field for kubeletClientInfo which will cause the kube-apiserver->kubelet communication is insecure because the kubelet identity is not checked.

/assign @sjenning
@mfojtik mfojtik mentioned this issue Oct 18, 2018
Merged
@ashcrow
Copy link
Member

ashcrow commented Nov 30, 2018
edited
Loading

Is this still an issue? We seem to be seeing the following now:

Nov 30 20:19:34 test1-master-0 hyperkube[2875]: I1130 20:19:34.843859    2875 logs.go:49] http: TLS handshake error from 192.168.126.51:49656: remote error: tls: bad certificate
Nov 30 20:19:45 test1-master-0 hyperkube[2875]: I1130 20:19:45.660350    2875 logs.go:49] http: TLS handshake error from 192.168.126.51:49698: remote error: tls: bad certificate

Ref: openshift/machine-config-operator#199

@sjenning
Copy link
Contributor

sjenning commented Dec 3, 2018

this is the last bit openshift/machine-config-operator#187

@crawford
Copy link
Contributor

crawford commented Jan 4, 2019

/close

@openshift-ci-robot
Copy link
Contributor

@crawford: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjenning sjenning

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ashcrow @mfojtik @crawford @sjenning @openshift-ci-robot