summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArchiFleKs <kevin.lefevre@osones.io>2017-02-20 15:57:25 +0100
committerArchiFleKs <kevin.lefevre@osones.io>2017-02-20 16:36:21 +0100
commit288bb34fe311041a911bba9d43dfb75176ee43cd (patch)
treef755068062e2efe73684cbdb2c5d6c5be67d7b05
parent88ddece127f4ef085f699feeac1af3814da12ece (diff)
Add Kubernetes API Service IP to x509 certificates
By default, API service with service account is accessible from inside the cluster at the address 10.254.0.1. This IP should be added to SANS when generating the certs. Fixes-bug: #1660811 Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39
Notes
Notes (review): Code-Review+2: Spyros Trigazis <strigazi@gmail.com> Code-Review+1: Vijendar Komalla <vijendar.komalla@rackspace.com> Code-Review+1: Mathieu Velten <mathieu.velten@cern.ch> Code-Review+2: yatin <yatin.karel@nectechnologies.in> Workflow+1: yatin <yatin.karel@nectechnologies.in> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Tue, 21 Feb 2017 15:54:54 +0000 Reviewed-on: https://review.openstack.org/436037 Project: openstack/magnum Branch: refs/heads/master
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh4
-rw-r--r--magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml4
2 files changed, 8 insertions, 0 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
index 3dd2c71..21fc879 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@@ -46,6 +46,10 @@ if [[ -n "${MASTER_HOSTNAME}" ]]; then
46fi 46fi
47sans="${sans},IP:127.0.0.1" 47sans="${sans},IP:127.0.0.1"
48 48
49KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
50
51sans="${sans},IP:${KUBE_SERVICE_IP}"
52
49cert_dir=/srv/kubernetes 53cert_dir=/srv/kubernetes
50cert_conf_dir=${cert_dir}/conf 54cert_conf_dir=${cert_dir}/conf
51 55
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
index 1c07ce7..9a338ca 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
@@ -63,6 +63,10 @@ write_files:
63 fi 63 fi
64 sans="${sans},IP:127.0.0.1" 64 sans="${sans},IP:127.0.0.1"
65 65
66 KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
67
68 sans="${sans},IP:${KUBE_SERVICE_IP}"
69
66 cert_conf_dir=${KUBE_CERTS_PATH}/conf 70 cert_conf_dir=${KUBE_CERTS_PATH}/conf
67 71
68 mkdir -p ${cert_conf_dir} 72 mkdir -p ${cert_conf_dir}