I am trying to install gitlab-agent using helm with a self-signed certificate that has SANs for the IP address 192.168.27.220. I have created the certificate using OpenSSL with the following configuration file:
[req] distinguished_name = req_distinguished_name req_extensions = v3_req prompt = no [req_distinguished_name] C = VN ST = HN L = HA NOI O = GitLab OU = IT CN = 192.168.27.220 [v3_req] keyUsage = keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth subjectAltName = @alt_names [alt_names] IP.1 = 192.168.27.220
I have regenerated and signed the certificate request with my own CA after changing the configuration file.
However, when I run this helm command:
helm upgrade --install test-tool gitlab/gitlab-agent --namespace gitlab-agent-test-tool --create-namespace --set image.tag=v15.9.0 --set config.token=xxx-xxx --set config.kasAddress=wss://192.168.27.220:9999/-/kubernetes-agent/ --set config.caCert="$(cat /home/worker1/helm/server.pem)" --set kas.sslCertFile="$(cat /home/worker1/helm/server.pem)"
I get the following error:
Connect(): rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing: failed to WebSocket dial: failed to send handshake request: Get "https://192.168.27.220:9999/-/kubernetes-agent/": x509: certificate relies on legacy Common Name field, use SANs instead"
What am I doing wrong and how can I fix it?