update curl description
m1ghtym0 committed Mar 18, 2024
1 parent d1b4198 commit dfb0559
Showing 2 changed files with 7 additions and 7 deletions.
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -278,14 +278,14 @@ You can securely connect to the workloads using the Coordinator's `mesh-root.pem
First, expose the service on a public IP address via a LoadBalancer service:

```sh
kubectl patch svc web-svc -p '{"spec": {"type": "LoadBalancer"}}'
timeout 30s bash -c 'until kubectl get service/web-svc --output=jsonpath='{.status.loadBalancer}' | grep "ingress"; do sleep 2 ; done'
lbip=$(kubectl get svc web-svc -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
kubectl patch svc ${MY_SERVICE} -p '{"spec": {"type": "LoadBalancer"}}'
timeout 30s bash -c 'until kubectl get service/${MY_SERVICE} --output=jsonpath='{.status.loadBalancer}' | grep "ingress"; do sleep 2 ; done'
lbip=$(kubectl get svc ${MY_SERVICE} -o=jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo $lbip
```

Note: The workload certificate is a DNS wildcard certificate.
curl's Subject Alternative Name (SAN) verification is not compatible with a full wildcard certificate, hence, with curl you need to skip the validation:
Note: All workload certificates are created with a wildcard DNS entry. Since we are accessing the load balancer via IP, the SAN checks the certificate for IP entries in the SAN field. Since the certificate doesn't contain any IP entries as SAN, the validation fails.
Hence, with curl you need to skip the validation:

```sh
curl -k "https://${lbip}:8443"
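Review bot: In the `timeout 30s bash -c '...'` line, `${MY_SERVICE}` sits inside the single-quoted string, so it is expanded by the child `bash` rather than by the calling shell as in the `kubectl patch` and `lbip=` lines. A reader who sets `MY_SERVICE=...` without `export` gets a loop that polls `service/` with an empty name until the 30s timeout, while the other two commands resolve the name correctly. Either tell the reader to `export MY_SERVICE=<name>` before this block or restructure the quoting so the calling shell expands it. The visible lines also don't show where `MY_SERVICE` is defined, and the commit message only mentions the curl description, so the rename from `web-svc` deserves a mention in the message or a separate commit.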
4 changes: 2 additions & 2 deletions dev-docs/user-manual.md
Expand Up @@ -232,8 +232,8 @@ lbip=$(kubectl get svc web-svc -o=jsonpath='{.status.loadBalancer.ingress[0].ip}
echo $lbip
```

Note: The workload certificate is a DNS wildcard certificate.
curl's Subject Alternative Name (SAN) verification is not compatible with a full wildcard certificate, hence, with curl you need to skip the validation:
Note: All workload certificates are created with a wildcard DNS entry. Since we are accessing the load balancer via IP, the SAN checks the certificate for IP entries in the SAN field. Since the certificate doesn't contain any IP entries as SAN, the validation fails.
Hence, with curl you need to skip the validation:

```sh
curl -k "https://${lbip}:8443"
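Review bot: The new note's second sentence, "the SAN checks the certificate for IP entries in the SAN field", has the wrong subject: the check is performed by curl, not by the SAN. Suggested wording: "Since we are accessing the load balancer via IP, curl looks for a matching IP entry in the certificate's SAN field." The same sentence appears in README.md in this commit. The removed text blamed curl's handling of a full wildcard certificate and the new text blames IP access; if both apply, keep both reasons, otherwise a reader will assume access by hostname passes validation. Since `curl -k` turns off certificate verification altogether and not only the SAN match, the note should say that this request is unauthenticated. Finally, the context line above this hunk still uses `web-svc`, while README.md switches to `${MY_SERVICE}` in the same commit, so the two documents now disagree.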