readme: update aks setup description #250

Merged (9 commits) on Mar 19, 2024

m1ghtym0

  • Update Azure AKS setup description

TODO:

  • Add information about region availability of the preview
  • Copy to user manual after review

m1ghtym0 requested a review from 3u13r on March 14, 2024 15:18
m1ghtym0 requested a review from katexochen as a code owner on March 14, 2024 15:18
m1ghtym0 changed the title from "M/ref/feedback" to "readme: update azure aks setup description" on Mar 14, 2024
m1ghtym0 changed the title from "readme: update azure aks setup description" to "readme: update aks setup description" on Mar 14, 2024
m1ghtym0 added the "no changelog" label (PRs not listed in the release notes) on Mar 15, 2024
@3u13r 3u13r left a comment

I don't think that we also need those changes in the user-manual (now), since we are already working on getting the docs website ready.

README.md Outdated
echo $lbip
```

```sh
curl --cacert ./verify/mesh-root.pem "https://${lbip}:8443"

Suggested change
curl --cacert ./verify/mesh-root.pem "https://${lbip}:8443"
curl -k "https://${lbip}:8443"
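
Review bot: `-k` in the replacement line turns off certificate verification entirely, so this README step no longer checks the chain against `./verify/mesh-root.pem` at all, not just the SAN. Suggest stating that next to the command and pointing readers to a verified path, either connecting via a DNS name with `--cacert` or checking the chain separately with `openssl verify`.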

The verification will fail, since the workload cert does not contain the IP in its SAN list.

We can add the following paragraph from the user-manual.md:

The workload certificate is a DNS wildcard certificate. Therefore, SAN is expected to fail when accessing the workload via an IP address.
On Azure, all load balancers automatically get ephemeral DNS entries, so either
use that or configure DNS yourself.

To validate the certificate locally, use `openssl`:

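```sh
# Fetch the certificate chain the server presents and keep only the PEM blocks
openssl s_client -showcerts -connect ${lbip}:443 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > certChain.pem
# Split the chain into cert.1.pem, cert.2.pem, ... (one certificate per file)
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "cert." c ".pem"}' < certChain.pem
# Verify the first certificate (the leaf) against the mesh root
openssl verify -verbose -trusted verify/mesh-root.pem -- cert.1.pem
```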
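
The distinction this review comment relies on, as an added example that is not part of the PR or of the project's code: a certificate can chain to the trusted root and still be rejected for an IP address because it only carries a wildcard DNS SAN. The throwaway CA, the `*.example.test` SAN, the host name and the IP are constructed for the demo, and the `openssl` CLI is assumed to be installed.

```sh
#!/bin/sh
# Constructed demo: CA, names and IP are made up; this is not the project's own code.
# Chain validation and name validation are separate checks on the same certificate.

make_demo_pki() {   # $1 = empty directory; writes root.pem and leaf.pem into it
    dir=$1
    cat > "$dir/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
subjectAltName = DNS:*.example.test
EOF
    # Throwaway root standing in for verify/mesh-root.pem
    openssl req -x509 -config "$dir/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 1 -subj "/CN=demo-mesh-root" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # Leaf with only a wildcard DNS SAN and no IP SAN (assumed shape of the workload cert)
    openssl req -new -config "$dir/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-workload" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -CAcreateserial -days 1 -extfile "$dir/demo.cnf" -extensions v3_leaf \
        -out "$dir/leaf.pem" 2>/dev/null
}

# Each check returns openssl's exit status: 0 = accepted, non-zero = rejected.
check_chain() { openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1; }
check_name() {
    openssl verify -CAfile "$1/root.pem" -verify_hostname "$2" "$1/leaf.pem" >/dev/null 2>&1
}
check_ip() {
    openssl verify -CAfile "$1/root.pem" -verify_ip "$2" "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    check_chain "$d" && echo "chain to root: accepted"
    check_name "$d" web.example.test && echo "DNS name web.example.test: accepted"
    check_ip "$d" 203.0.113.10 || echo "IP 203.0.113.10: rejected, no IP SAN"
    rm -rf "$d"
}
demo
```

A TLS client given `--cacert` performs both the chain check and the name check, which is why connecting by IP fails even though `openssl verify` against the root succeeds.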

@3u13r 3u13r left a comment

LGTM

@m1ghtym0 m1ghtym0 merged commit 89184c1 into main Mar 19, 2024
7 checks passed
@m1ghtym0 m1ghtym0 deleted the m/ref/feedback branch March 19, 2024 08:02