It's interesting that the logs are stating that it is a keyusage error. Can
you get the keyusage for your generated cert and the ca.crt you used to
generate it? The command to do so is:
openssl x509 -in -purpose -noout -text
Nathan
On Wednesday, September 27, 2017 at 6:39:54 AM UTC-6,
Hi Nathan,
Thanks for the hint.
The result of the command is:
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME
I think what you're doing is super neat, but I'm curious to hear in more detail
about your complaints with Jsonnet. I find it to be quite elegant, myself.
(Though, as you know, I'm quite biased at this point.)
On Thursday, September 28, 2017 at 2:49:52 AM UTC-7, Mahieddine Cherif wrote:
> Hi
Hi Keith
ksonnet like you already know is just a bunch of generated mixins on top of
jsonnet, this makes its templates hard to read and write, moreover the
design choices made for jsonnet didn't attract us. I mean we all know what
happens when you put a programming language inside a
How did you start kube-apiserver? AFAIK usually it's a static pod, defined
in /etc/kubernetes/manifests, and picked up by kubelet directly. So if you
want to edit it, you need to edit the spec file in that directory. Changes
will be applied automatically.
Am Mittwoch, 27. September 2017
Hi, guys. How do you handle the API server keypair getting expired? I
didn't see much discuss about this. I did a little test, and discovered
after I update API server keypair, I needed to delete all secret in
serviceaccount, let k8s regenerate it, and restart all pods manually ... In
a big
You can also run jstatd in a running pod and then attach JVisualVM. I
haven't done it myself, but the general procedure is:
- kubectl exec into the pod
- Write the policy file to disk: echo 'grant codebase
"file:${java.home}/../lib/tools.jar" { permission
java.security.AllPermission; };' >
How does this compare to ksonnet [1]? This is based on jsonnet [2] which has a
good comparison [3] with other approaches.
[1] http://ksonnet.heptio.com
[2] http://jsonnet.org
[3] http://jsonnet.org/language/comparisons.html
--
You received this message because you are subscribed to the Google