@vikashsingh009 As I was looking at the output I spotted an issue. The current node certificate will only work with alpha0 and localhost. Any other hostname used will not be able to connect.
You would also need to configure these:
- Alpha 1: qadgraph-dgraph-alpha-1.qadgraph-dgraph-alpha-headless.default.svc.cluster.local
- Alpha 2: qadgraph-dgraph-alpha-2.qadgraph-dgraph-alpha-headless.default.svc.cluster.local
- Alpha SVC: qadgraph-dgraph-alpha-headless.default.svc.cluster.local
Additionally, as you are accessing this through a DNS name, you need to add that name as well:
- DNS name: qadgraph.visur.tech
Thus for this scenario, here’s a solution to generate the certificates with the desired supported FQDN hostnames, using a Dgraph container (for dgraph, bash, curl, GNU tools):
```bash
docker run --detach --name dgraph-cert \
  --volume $PWD/dgraph_tls:/dgraph/dgraph_tls \
  dgraph/standalone:v20.11.1

# download script
curl -O https://raw.githubusercontent.com/dgraph-io/charts/master/charts/dgraph/scripts/make_tls_secrets.sh

# copy to a dgraph container
docker cp ./make_tls_secrets.sh dgraph-cert:/dgraph

# create certificates with extra FQDN names
docker exec -t dgraph-cert \
  bash /dgraph/make_tls_secrets.sh --release qadgraph --extra qadgraph.visur.tech,qadgraph-dgraph-alpha-headless.default.svc.cluster.local

# verify host names created
docker exec -t dgraph-cert \
  dgraph cert ls --dir /dgraph/dgraph_tls/alpha | grep -oP '(?<=Hosts: ).*' | tr -s ', ' '\n'
```
The output should be the following:
```
qadgraph-dgraph-alpha-0.qadgraph-dgraph-alpha-headless.default.svc.cluster.local
qadgraph-dgraph-alpha-1.qadgraph-dgraph-alpha-headless.default.svc.cluster.local
qadgraph-dgraph-alpha-2.qadgraph-dgraph-alpha-headless.default.svc.cluster.local
qadgraph.visur.tech
qadgraph-dgraph-alpha-headless.default.svc.cluster.local
```
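The host name check from the post can also be scripted so that a missing name fails loudly instead of being read off by eye. This is an added example, not part of the original post or of the Dgraph charts: the function names and the sample listing are constructed, and it assumes the `Hosts: a, b, c` line format that the `grep` above matches and exact (non-wildcard) certificate entries.

```shell
#!/bin/sh
# Added example (not from the original post): list the hostnames a Dgraph
# alpha certificate still lacks, given `dgraph cert ls` output.

# expected_hosts RELEASE NAMESPACE REPLICAS [EXTRA...]
# One required name per line: every alpha pod FQDN, then the extra names.
expected_hosts() {
    release=$1; namespace=$2; replicas=$3; shift 3
    svc="${release}-dgraph-alpha-headless.${namespace}.svc.cluster.local"
    i=0
    while [ "$i" -lt "$replicas" ]; do
        printf '%s\n' "${release}-dgraph-alpha-${i}.${svc}"
        i=$((i + 1))
    done
    for extra in "$@"; do printf '%s\n' "$extra"; done
}

# cert_hosts: read `dgraph cert ls` output on stdin, print one host per line.
# Assumes the "Hosts: a, b, c" line that the grep in the post matches; the
# trim also drops the carriage returns that `docker exec -t` adds.
cert_hosts() {
    sed -n 's/^[[:space:]]*Hosts:[[:space:]]*//p' | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d'
}

# missing_hosts LISTING RELEASE NAMESPACE REPLICAS [EXTRA...]
# Prints each required name that is not an exact entry in the certificate.
missing_hosts() {
    listing=$1; shift
    have=$(printf '%s\n' "$listing" | cert_hosts)
    expected_hosts "$@" | while IFS= read -r want; do
        printf '%s\n' "$have" | grep -Fqx -- "$want" || printf '%s\n' "$want"
    done
}

# Constructed sample: a certificate that only covers alpha-0 and localhost.
SAMPLE_LS='    Hosts: qadgraph-dgraph-alpha-0.qadgraph-dgraph-alpha-headless.default.svc.cluster.local, localhost'

missing_hosts "$SAMPLE_LS" qadgraph default 3 \
    qadgraph.visur.tech \
    qadgraph-dgraph-alpha-headless.default.svc.cluster.local
```

To check a real certificate, pass the output of the `dgraph cert ls --dir /dgraph/dgraph_tls/alpha` command as the first argument; empty output means every required name is present.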