Add Kubernetes API Service IP to x509 certificates
By default, API service with service account is accessible from inside
the cluster at the address 10.254.0.1. This IP should be added to SANS
when generating the certs.
Fixes-bug: #1660811
Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39
(cherry picked from commit 288bb34fe3
)
This commit is contained in:
parent
023e39251e
commit
b410770989
|
@ -46,6 +46,10 @@ if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
|||
fi
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||
|
||||
cert_dir=/srv/kubernetes
|
||||
cert_conf_dir=${cert_dir}/conf
|
||||
|
||||
|
|
|
@ -63,6 +63,10 @@ write_files:
|
|||
fi
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||
|
||||
cert_conf_dir=${KUBE_CERTS_PATH}/conf
|
||||
|
||||
mkdir -p ${cert_conf_dir}
|
||||
|
|
Loading…
Reference in New Issue