prodvider: use SANs in service certificates
This fixes compatibility with prodaccess tools built with Go 1.15, which
introduced 'X.509 CommonName deprecation' [1].
[1] - https://golang.org/doc/go1.15#commonname
Change-Id: I228cde3e5651a3e36f527783f2ccb4a2f6b7a8e3
diff --git a/cluster/kube/lib/prodvider.libsonnet b/cluster/kube/lib/prodvider.libsonnet
index 8eaa834..a4cb438 100644
--- a/cluster/kube/lib/prodvider.libsonnet
+++ b/cluster/kube/lib/prodvider.libsonnet
@@ -9,7 +9,7 @@
cfg:: {
namespace: "prodvider",
- image: "registry.k0.hswaw.net/q3k/prodvider:1596298570-f3312ef77ed0db94e20944efc6395750072f54d5",
+ image: "registry.k0.hswaw.net/q3k/prodvider:1601735780-d6c072a90e70b467a77039daebe602c77b4a84a1",
apiEndpoint: error "API endpoint must be set",
diff --git a/cluster/prodvider/certs.go b/cluster/prodvider/certs.go
index bed0e48..309af1f 100644
--- a/cluster/prodvider/certs.go
+++ b/cluster/prodvider/certs.go
@@ -57,6 +57,7 @@
OU: signerCert.Subject.OrganizationalUnit[0],
},
},
+ Hosts: []string{flagProdviderCN},
}
g := &csr.Generator{
@@ -68,7 +69,7 @@
func (p *prodvider) makeSelfCertificate(csr []byte) ([]byte, error) {
req := signer.SignRequest{
- Hosts: []string{},
+ Hosts: []string{flagProdviderCN},
Request: string(csr),
Profile: "server",
}