You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
x509 cert's only allow 64 characters for the CN name, and all k8's values we're using here could be that length by themselves.
"/CN=${SERVICE}.${NAMESPACE}.svc"
The script already is using the cert extensions for DNS, but if you try to setup the operator in a namespace with 40+ characters, it will fail to launch with an error like this:
Generating certs for the Spark pod admission webhook in /tmp/spark-pod-webhook-certs.
803BB7BE987F0000:error:06800097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:../crypto/asn1/a_mbstr.c:106:maxsize=64
req: Error adding subject name attribute "/CN=app-spark-operator-webhook.eventus-app-885b9f64-87f8-4eda-a6a3-9895cdd5fab5.svc"
The script should probably just use the value for the service as it's not going to be longer than 64 characters and is a valid dns endpoint within the namespace
"/CN=${SERVICE}"
The text was updated successfully, but these errors were encountered:
https://github.com/GoogleCloudPlatform/spark-on-k8s-operator/blob/5f2efd4ff97e7c0bfdb726a066118d3401576730/hack/gencerts.sh#L120-L125
x509 cert's only allow 64 characters for the CN name, and all k8's values we're using here could be that length by themselves.
The script already is using the cert extensions for DNS, but if you try to setup the operator in a namespace with 40+ characters, it will fail to launch with an error like this:
The script should probably just use the value for the service as it's not going to be longer than 64 characters and is a valid dns endpoint within the namespace
The text was updated successfully, but these errors were encountered: