adds more dns names to try to resolve certificate issues

2023-03-26 09:48:27 -05:00 · 2023-03-26 09:48:27 -05:00 · 8375c8bb20
commit 8375c8bb20
parent c24489854d
2 changed files with 13 additions and 1 deletions
--- a/cmd/webhook/httpServer.go
+++ b/cmd/webhook/httpServer.go
@ -49,6 +49,14 @@ func httpServer(cfg *config.Config) {
 		IdleTimeout:  time.Duration(cfg.WebServerIdleTimeout) * time.Second,
 		TLSConfig: &tls.Config{
 			MinVersion: tls.VersionTLS12,
+			CipherSuites: []uint16{
+				tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+				tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+				tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+				tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			},
 			Certificates: []tls.Certificate{
 				serverCertificate,
 			},
--- a/internal/certificate/create-csr.go
+++ b/internal/certificate/create-csr.go
@ -22,7 +22,11 @@ func CreateCSR(privateKey string) (string, error) {
 			//PostalCode:    []string{""},
 		},
 		DNSNames: []string{
-			"svc.cluster.local",
+			"webhook",
+			"webhook.ingress-nginx",
+			"webhook.ingress-nginx.svc",
+			"webhook.ingress-nginx.svc.cluster",
+			"webhook.ingress-nginx.svc.cluster.local",
 			"*.svc.cluster.local",
 		},
 		SignatureAlgorithm: x509.SHA384WithRSA,