Enable TLS on kubernetes

nikfot · February 3, 2021, 1:14pm

Hello,

I am trying to activate TLS for Consul on an on premise kubernetes cluster. I am following this guide, and TLS has been established correctly, however UI returns a bad certificate:

With port forwarding it works. So it has to do something with the DNS.
I am using F5 ingresses as a consul UI DNS.
I have seen many guides however I would like to know if there is something clear, since I am not sure I 'm down the right path.

Thanks,
Nikos

ishustava1 · February 3, 2021, 5:56pm

Hey @nikfot

You might need to add additional SANs to your server certificate. You can do it in the Helm chart via global.tls.serverAdditionalDNSSANs and global.tls.serverAdditionalIPSANs properties.

nikfot · February 4, 2021, 8:13am

Thanks for the quick answer. I tried adding it like that:
serverAdditionalDNSSANs: ["'consul.test.example'"]
consul.test.example is the dns where the ingress is pointing. If this is the correct way to add it maybe I should try adding the IP.

ishustava1 · February 4, 2021, 8:58pm

@nikfot I think you might have a set of extra quotes there. I think it should be either:

serverAdditionalDNSSANs: ["consul.test.example"]

OR

serverAdditionalDNSSANs: ['consul.test.example']

Topic		Replies	Views
Consul verified TLS from Pods in Kubernetes cluster Consul k8s	12	4001	May 29, 2020
Enabling TLS causes tls-init container to fail: /bin/sh: consul-k8s-control-plane: not found Consul k8s , connect	7	1058	October 18, 2021
Consul TLS verification from k8s cluster to Consul Server Consul k8s	9	3142	September 1, 2020
Consul API gateway with service mesh on EKS. Gateway ready - false Consul consul-api-gateway	8	748	May 2, 2022
Installing Consul as backend for Vault Consul	0	341	July 7, 2021

Enable TLS on kubernetes

Related topics