MicroCluster requires the name of the cluster member to be an FQDN, and it also checks that this name is among the certificate's SANs.
```go
certNameMatches := shared.ValueInSlice(req.Name, serverCert.DNSNames)
```

```go
// Subject Alternate Name values. (Note that these values may not be valid
// if invalid values were contained within a parsed certificate. For
// example, an element of DNSNames may not be a valid DNS domain name.)
DNSNames []string
```
However, usage of `ValueInSlice` doesn't work for certificates that have wildcard DNS.

This certificate won't work for `member1.maas.internal`:
```
X509v3 Subject Alternative Name:
    DNS:*.maas.internal, DNS:maas, IP Address:127.0.0.1, URI:*
```
```go
// ValueInSlice returns true if key is in list.
func ValueInSlice[T comparable](key T, list []T) bool {
	for _, entry := range list {
		if entry == key {
			return true
		}
	}
	return false
}
```
`microcluster/internal/rest/resources/control.go`, line 83 in d50fa50
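A side-by-side of the exact string comparison and a wildcard-aware check on a certificate carrying the DNS SANs from this report, added here as an example and not taken from MicroCluster's code. It relies on Go's `x509.Certificate.VerifyHostname`; `matchName`, `must` and `sampleCert` are hypothetical helper names, and the certificate is generated in memory for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// matchName returns the result of the issue's exact string comparison and of
// the standard library's wildcard-aware check for the same name.
func matchName(name string, cert *x509.Certificate) (exact, wildcard bool) {
	for _, san := range cert.DNSNames {
		exact = exact || san == name
	}
	return exact, cert.VerifyHostname(name) == nil
}

func must[T any](v T, err error) T { // panic on error: fine for a throwaway example
	if err != nil {
		panic(err)
	}
	return v
}

// sampleCert builds a throwaway self-signed certificate (constructed for this
// example) carrying the DNS SANs shown in the issue.
func sampleCert() *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     []string{"*.maas.internal", "maas"},
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

func main() {
	cert := sampleCert()
	for _, n := range []string{"member1.maas.internal", "a.b.maas.internal", "maas"} {
		exact, wildcard := matchName(n, cert)
		fmt.Printf("%-22s exact=%-5v wildcard=%v\n", n, exact, wildcard)
	}
}
```

`VerifyHostname` lets `*` stand for a single left-most label only, so `a.b.maas.internal` is still rejected by this certificate.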