Add check for self-signed certs #10
Conversation
Signed-off-by: Zespre Chang <[email protected]>
| else | ||
| echo "The SAN extension of the certificate does not contain the VIP address $vip" | ||
| echo "For more information, please visit: https://github.com/harvester/harvester/issues/4519" | ||
| record_fail |
There was a problem hiding this comment.
question: do not allow upgrade in such case? how can user fix it?
There was a problem hiding this comment.
This script only helps to check for upgrades and does not prevent any upgrade process; however, it is not recommended to proceed with the upgrade operation if it contains an error message. And I think It would be more useful if we could link to a suggested workaround once it was available.
There was a problem hiding this comment.
sounds good, let's wait for the workaround and update here again
|
Please also check this new issue: harvester/harvester#4531 |
|
Close this as it becomes unnecessary. We've already shipped the fix in the new version (harvester/harvester#4585) and have the workaround covered in the docs (harvester/docs#462). |
3 participants
The newly added function will detect whether the user-provided
ssl-certificatesSetting contains a self-signed certificate. If the certificate was not generated and signed properly, e.g., include the right IP SANs, an error will occur in the following upgrade.Related issue: harvester/harvester#4519