Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

certificate is not valid for any names, but wanted to match modelmesh-serving #522

Open
janekmichalik opened this issue Jul 31, 2024 · 0 comments
Open

certificate is not valid for any names, but wanted to match modelmesh-serving #522

janekmichalik opened this issue Jul 31, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@janekmichalik
Copy link

janekmichalik commented Jul 31, 2024
edited
Loading

Describe the bug

I have followed the docs how to configure TLS.
I have set tls.secretName and tls.clientAuth.
Modelmesh controller is not able to connect to model mesh serving, because of:

{"level":"info","ts":"2024-08-01T08:35:07Z","logger":"MMService","msg":"Established new MM gRPC connection","namespace":"test","endpoint":"kube:///modelmesh-serving.test:8033","TLS":true}
...
"error":"failed to SetVModel for InferenceService 66a9edd4d028f175007aa90c-active: rpc error: code = Unavailable desc = last connection error: connection error: desc = \"transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match modelmesh-serving.test\"","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/root/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:329\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/root/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/root/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227"

Details of cert on model mesh serving pod:

        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                B8:9F:57:4E:9A:B4:B4:7B:A8:CF:D3:FB:3F:CE:CB:84:06:88:95:18
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:modelmesh-serving, DNS:modelmesh-serving.test, DNS:modelmesh-serving.test.svc, DNS:modelmesh-serving.test.svc.cluster.local, IP Address:127.0.0.1

I can't see how to configure the controller to respect my TLS settings.

Am I doing something wrong?

Expected behavior

Connection is working.

Environment (please complete the following information):

  • Version v0.12.0
@janekmichalik janekmichalik added the bug Something isn't working label Jul 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@janekmichalik