I am trying to install gitlab-agent using helm with a self-signed certificate that has SANs for the IP address 192.168.27.220. I have created the certificate using OpenSSL with the following configuration file:
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = VN
ST = HN
L = HA NOI
O = GitLab
OU = IT
CN = 192.168.27.220
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
IP.1 = 192.168.27.220
I have regenerated and signed the certificate request with my own CA after changing the configuration file.
However, when I run this helm command:
helm upgrade --install test-tool gitlab/gitlab-agent
--namespace gitlab-agent-test-tool
--create-namespace
--set image.tag=v15.9.0
--set config.token=xxx-xxx
--set config.kasAddress=wss://192.168.27.220:9999/-/kubernetes-agent/
--set config.caCert="$(cat /home/worker1/helm/server.pem)"
--set kas.sslCertFile="$(cat /home/worker1/helm/server.pem)"
I get the following error:
Connect(): rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: failed to WebSocket dial: failed to send handshake request: Get "https://192.168.27.220:9999/-/kubernetes-agent/": x509: certificate relies on legacy Common Name field, use SANs instead"
What am I doing wrong and how can I fix it?