summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArchiFleKs <kevin.lefevre@osones.io>2017-02-20 15:57:25 +0100
committerSpyros Trigazis (strigazi) <strigazi@gmail.com>2017-07-20 15:18:02 +0000
commitce5133ce56e3635bde8097a3eaf4b2c86a9a14e9 (patch)
tree9f994714d91a9d8a11fb055b860899454a3fa6c2
parentd5d01af65c76697255ce6917e9b2811682ce60b4 (diff)
Add Kubernetes API Service IP to x509 certificates3.3.1
By default, API service with service account is accessible from inside the cluster at the address 10.254.0.1. This IP should be added to SANS when generating the certs. Closes-bug: #1660811 Depends-On: Icc93fb11e19bb900396c485719908655fac75cf6 Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39 (cherry picked from commit 288bb34fe311041a911bba9d43dfb75176ee43cd)
Notes
Notes (review): Code-Review+2: Spyros Trigazis (strigazi) <strigazi@gmail.com> Code-Review+1: Mohammed Naser <mnaser@vexxhost.com> Code-Review+2: yatin <ykarel@redhat.com> Workflow+1: yatin <ykarel@redhat.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Mon, 24 Jul 2017 04:14:12 +0000 Reviewed-on: https://review.openstack.org/485372 Project: openstack/magnum Branch: refs/heads/stable/newton
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh4
-rw-r--r--magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml4
2 files changed, 8 insertions, 0 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
index 323551e..9cdf692 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@@ -46,6 +46,10 @@ if [[ -n "${MASTER_HOSTNAME}" ]]; then
46fi 46fi
47sans="${sans},IP:127.0.0.1" 47sans="${sans},IP:127.0.0.1"
48 48
49KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
50
51sans="${sans},IP:${KUBE_SERVICE_IP}"
52
49cert_dir=/srv/kubernetes 53cert_dir=/srv/kubernetes
50cert_conf_dir=${cert_dir}/conf 54cert_conf_dir=${cert_dir}/conf
51 55
diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
index f087fbe..ef0700b 100644
--- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
+++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml
@@ -64,6 +64,10 @@ write_files:
64 fi 64 fi
65 sans="${sans},IP:127.0.0.1" 65 sans="${sans},IP:127.0.0.1"
66 66
67 KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
68
69 sans="${sans},IP:${KUBE_SERVICE_IP}"
70
67 cert_dir=/etc/kubernetes/ssl 71 cert_dir=/etc/kubernetes/ssl
68 cert_conf_dir=${cert_dir}/conf 72 cert_conf_dir=${cert_dir}/conf
69 73