Can't run Allocation example with Go 1.16

[markmandel]

What happened:

Attempting to run the allocation service sample with Go 1.16 results in the following error:

$ go run main.go --ip 35.232.217.29 --namespace default --key /home/markmandel/cloud-game-servers-examples/terraform-4-cluster/allocation/certs/gke_gcgs-beta-demo_us-central1-b_game-cluster-us-2/client.key --cert /home/markmandel/cloud-game-servers-examples/terraform-4-cluster/allocation/certs/gke_gcgs-beta-demo_us-central1-b_game-cluster-us-2/client.crt --cacert /home/markmandel/cloud-game-servers-examples/terraform-4-cluster/allocation/certs/gke_gcgs-beta-demo_us-central1-b_game-cluster-us-2/ca.crt --multicluster truepanic: rpc error: code = Unavailable desc = all SubConns are in TransientFailure, latest connection error: connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 35.232.217.29 because it doesn't contain any IP SANs"
goroutine 1 [running]:main.main()        /home/markmandel/agones/examples/allocator-client/main.go:76 +0x81cexit status 2
$ go version
go version go1.16 linux/amd64

What you expected to happen:

It to successfully allocate.

How to reproduce it (as minimally and precisely as possible):

Follow https://agones.dev/site/docs/advanced/allocator-service/ with openssl certificates, and then attempt to allocate.

Anything else we need to know?:

Not sure of workaround at this stage.

Environment:

• Agones version: 1.12.0
• Kubernetes version (use kubectl version): 1.17.0
• Cloud provider or hardware configuration: GKE
• Install method (yaml/helm): Helm
• Troubleshooting guide log(s): Above
• Others: N/A

[markmandel]

@pooneh-m something you should probably be aware of.

[markmandel]

Workaround!

export GODEBUG=x509ignoreCN=0 before running the command.

[pooneh-m]

The error says: "because it doesn't contain any IP SANs".
Have you installed Agones using helm config agones.allocator.http.loadBalancerIP?

[markmandel]

No, I was following:
https://agones.dev/site/docs/advanced/allocator-service/#server-tls-certificate
and
https://agones.dev/site/docs/advanced/allocator-service/#client-certificate

Worth noting, this was setup and run through https://github.com/googleforgames/cloud-game-servers-examples/tree/master/terraform-4-cluster

[pooneh-m]

It is mentioned in https://agones.dev/site/docs/advanced/allocator-service/#server-tls-certificate:

EXTERNAL_IP=$(kubectl get services agones-allocator -n agones-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
helm upgrade --install --wait \
   --set agones.allocator.http.loadBalancerIP=${EXTERNAL_IP} 

[highlyunavailable]

I ran into an issue like this too - I'm not sure if it's a Windows Docker Desktop issue or something else, but that loadbalancer IP is always null for me and I have to set EXTERNAL_IP to the string "localhost" instead.

[markmandel]

It is mentioned in https://agones.dev/site/docs/advanced/allocator-service/#server-tls-certificate:

EXTERNAL_IP=$(kubectl get services agones-allocator -n agones-system -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
helm upgrade --install --wait \
   --set agones.allocator.http.loadBalancerIP=${EXTERNAL_IP} 

Does that mean we should remove the other instructions, and make this the one true way?

[pooneh-m]

We can break it into two sections of quick start and security considerations.