From e7dc768ae54ded551b7ae2eda38d2e551a4d5dfc Mon Sep 17 00:00:00 2001
From: Novak Ivanovski <novakivanovski@gmail.com>
Date: Fri, 5 Feb 2021 23:58:09 -0500
Subject: [PATCH] Self-signed certificate with Kubernetes fix

In Go 1.15 there is common name deprecation for using Common name:
https://golang.google.cn/doc/go1.15#commonname

This causes the self-signed cert to be rejected by some Kubernetes platforms:
https://stackoverflow.com/questions/64814173/how-do-i-use-sans-with-openssl-instead-of-common-name

Fix is to add this field to the cert.
---
 docs/insecure.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/insecure.md b/docs/insecure.md
index 73dafbe7a..3446a85f3 100644
--- a/docs/insecure.md
+++ b/docs/insecure.md
@@ -68,6 +68,7 @@ This is more secure than the insecure registry solution.
 
     $ openssl req \
       -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
+      -addext "subjectAltName = DNS:myregistry.domain.com" \
       -x509 -days 365 -out certs/domain.crt
     ```