Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

insecureSkipTlsVerify option is not available for RedpandaConsole- Admin API configuration or RPK CLI -X either #24711

Open
buznyusz opened this issue Jan 7, 2025 · 2 comments
Open

insecureSkipTlsVerify option is not available for RedpandaConsole- Admin API configuration or RPK CLI -X either #24711

buznyusz opened this issue Jan 7, 2025 · 2 comments
Labels
area/rpk kind/bug Something isn't working

Comments

@buznyusz
Copy link

buznyusz commented Jan 7, 2025
edited by jira bot
Loading

Version & Environment

Redpanda version: (use rpk version):

Version: v24.3.1
Git ref: afe1a3f
Build date: 2024-12-02T23:29:48Z
OS/Arch: linux/amd64 ( RHEL9 )

Include link to test results for automated test failures

 rpk version -X admin.tls.enabled=true -X admin.tls.ca=/redpanda/ssl/ca.cer  -vvvv
Version:     v24.3.1
Git ref:     afe1a3f1ff
Build date:  2024-12-02T23:29:48Z
OS/Arch:     linux/amd64
Go version:  go1.23.1
17:28:47.557  DEBUG  Sending request  {"method": "GET", "url": "https://127.0.0.1:9644/v1/features/enterprise", "bearer": false, "basic": false}
17:28:47.566  DEBUG  Retrying GET for error: Get "https://127.0.0.1:9644/v1/features/enterprise": tls: failed to verify certificate: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs

Jan 7 17:31:30 lxvredpandad1 redpanda-console[47171]: {"level":"debug","ts":"2025-01-07T17:31:30.141+0100","msg":"Retrying GET for error: Get "https://localhost:9644/v1/brokers\": tls: failed to verify certificate: x509: certificate is valid for lxvredpandad1, lxvredpandad1.develop.raiffeisen.hu, not localhost\n"}`

We have to option at the many places ( broker connection, schema registry connection ), but not at the admin api:
https://docs.redpanda.com/current/console/config/configure-console/

How to reproduce the issue?

  1. generate a certificate without the localhost / 127.0.0.1 in the SAN IP's
  2. Set SSL for Admin API
  3. rpk version -X admin.tls.enabled=true -X admin.tls.ca=/redpanda/ssl/ca.cer -v

JIRA Link: CORE-8731
@buznyusz buznyusz added the kind/bug Something isn't working label Jan 7, 2025
@buznyusz buznyusz changed the title insecureSkipTlsVerify option is not available for RedpandaConsole configuration or RPK CLI -X either insecureSkipTlsVerify option is not available for RedpandaConsole- Admin API configuration or RPK CLI -X either Jan 8, 2025
@r-vasquez
Copy link
Contributor

r-vasquez commented Jan 8, 2025
edited
Loading

Hi @buznyusz

In the example above, for the CLI example, did you try using -X admin.tls.insecure_skip_verify ?

@buznyusz
Copy link
Author

buznyusz commented Jan 9, 2025

Hi @buznyusz

In the example above, for the CLI example, did you try using -X admin.tls.insecure_skip_verify ?

Hello
the CLI works with the -X admin.tls.insecure_skip_verify=true but it is an undocumented option as i see:
https://docs.redpanda.com/current/reference/rpk/rpk-x-options/

And we do not have this option when we configure the RedpandaConsole
https://docs.redpanda.com/current/console/config/configure-console/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/rpk kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@buznyusz @r-vasquez