prodvider: use SANs in service certificates

This fixes compatibility with prodaccess tools built with Go 1.15, which
introduced 'X.509 CommonName deprecation' [1].

[1] - https://golang.org/doc/go1.15#commonname

Change-Id: I228cde3e5651a3e36f527783f2ccb4a2f6b7a8e3
diff --git a/cluster/kube/lib/prodvider.libsonnet b/cluster/kube/lib/prodvider.libsonnet
index 8eaa834..a4cb438 100644
--- a/cluster/kube/lib/prodvider.libsonnet
+++ b/cluster/kube/lib/prodvider.libsonnet
@@ -9,7 +9,7 @@
 
         cfg:: {
             namespace: "prodvider",
-            image: "registry.k0.hswaw.net/q3k/prodvider:1596298570-f3312ef77ed0db94e20944efc6395750072f54d5",
+            image: "registry.k0.hswaw.net/q3k/prodvider:1601735780-d6c072a90e70b467a77039daebe602c77b4a84a1",
 
             apiEndpoint: error "API endpoint must be set",
 
diff --git a/cluster/prodvider/certs.go b/cluster/prodvider/certs.go
index bed0e48..309af1f 100644
--- a/cluster/prodvider/certs.go
+++ b/cluster/prodvider/certs.go
@@ -57,6 +57,7 @@
 				OU: signerCert.Subject.OrganizationalUnit[0],
 			},
 		},
+		Hosts: []string{flagProdviderCN},
 	}
 
 	g := &csr.Generator{
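Review bot: `Hosts: []string{flagProdviderCN}` makes the flag value the only SAN in the CSR, and nothing visible here checks that the flag is set. flagProdviderCN is defined outside this hunk, so this needs confirming: if it can be empty, or differs from the name clients dial, hostname verification fails on Go 1.15+ clients only at connect time. A guard before the request is built, `if flagProdviderCN == "" {` returning an error in the form the enclosing function uses, would surface this when the certificate is generated. The same value is used again in makeSelfCertificate in the next hunk, and the enclosing function here starts and ends outside the hunk.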
@@ -68,7 +69,7 @@
 
 func (p *prodvider) makeSelfCertificate(csr []byte) ([]byte, error) {
 	req := signer.SignRequest{
-		Hosts:   []string{},
+		Hosts:   []string{flagProdviderCN},
 		Request: string(csr),
 		Profile: "server",
 	}
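Review bot: The change from an explicitly empty `Hosts` to `[]string{flagProdviderCN}` in the sign request has no comment explaining why the signer sets the name itself rather than leaving the list empty. A line such as `// Pin the SAN here: Go 1.15+ clients ignore the CommonName.` above the field would keep a later cleanup from reverting it. It looks like the request-level Hosts takes precedence over whatever the `csr` argument carries, which is the safer direction, but that depends on the signer library and is worth confirming. makeSelfCertificate continues past the end of the hunk.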