author: Mathieu Velten <mathieu.velten@cern.ch> 2017-07-17 10:53:21 +0200
committer: Mathieu Velten <mathieu.velten@cern.ch> 2017-07-25 08:46:14 +0000
commit: 34f3011913a4480d935fa7d8755ef1947ad5010c
tree: aa1121b3f6f2c5fc0db9c0b4f4f9ea421d23a508 /magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
parent: 7cf0b5051ac85977c49fafd1876aa3c773355b75
Use kubernetes service name in cert request
In kubernetes with atomic we have a set of certificates that we use in three places:

1. etcd
2. kubernetes apiserver
3. kubernetes service accounts

In order to make service accounts work we need to set the common name properly in the certificates.

Partial-Bug: #1705694
Change-Id: I04ed3bba938f0d5f340e2141be94058c38c2ed2b
(cherry picked from commit a7ab475cd0917ffdeb1dd5ffa5a8a9a38f907b78)
Notes (review):
Code-Review+2: Spyros Trigazis (strigazi) <strigazi@gmail.com>
Code-Review+2: yatin <ykarel@redhat.com>
Workflow+1: yatin <ykarel@redhat.com>
Verified+2: Jenkins
Submitted-by: Jenkins
Submitted-at: Tue, 25 Jul 2017 18:23:34 +0000
Reviewed-on: https://review.openstack.org/486949
Project: openstack/magnum
Branch: refs/heads/stable/ocata
Diffstat (limited to 'magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh')
-rw-r--r-- magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh | 4
1 files changed, 3 insertions, 1 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
index 30e9011..3415b9a 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@@ -50,6 +50,8 @@ KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{pri
50 50
51sans="${sans},IP:${KUBE_SERVICE_IP}" 51sans="${sans},IP:${KUBE_SERVICE_IP}"
52 52
53sans="${sans},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
54
53cert_dir=/srv/kubernetes 55cert_dir=/srv/kubernetes
54cert_conf_dir=${cert_dir}/conf 56cert_conf_dir=${cert_dir}/conf
55 57
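Review bot: The added sans line hardcodes cluster.local as the cluster DNS suffix in DNS:kubernetes.default.svc.cluster.local. If the cluster domain can be set to anything else in these templates, that SAN will not match the in-cluster FQDN and TLS hostname verification against the apiserver will fail for clients that use the full name. Consider building the last entry from whatever variable carries the cluster domain, and add a one-line comment above the assignment saying these four names are the in-cluster service names of the apiserver, since the preceding line (IP:${KUBE_SERVICE_IP}) covers only the service IP and the relationship is not obvious from the script alone.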
@@ -99,7 +101,7 @@ distinguished_name = req_distinguished_name
99req_extensions = req_ext 101req_extensions = req_ext
100prompt = no 102prompt = no
101[req_distinguished_name] 103[req_distinguished_name]
102CN = kubernetes.invalid 104CN = kubernetes.default.svc
103[req_ext] 105[req_ext]
104subjectAltName = ${sans} 106subjectAltName = ${sans}
105extendedKeyUsage = clientAuth,serverAuth 107extendedKeyUsage = clientAuth,serverAuth
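Review bot: The new CN = kubernetes.default.svc sits in a request that also sets extendedKeyUsage = clientAuth,serverAuth, so the same name becomes the subject this certificate presents whenever it is used as a client certificate. The commit message says the certificate set is shared by etcd, the apiserver and service accounts; any peer that maps the subject CN to an identity will now see every holder of this cert as kubernetes.default.svc. Please add a comment next to the CN line explaining why service accounts need this exact value (the commit message only says the name must be set "properly"), and consider whether the serving and client roles should be split into separate requests so the serving name is not reused as a client identity. The CN literal also duplicates a name already listed in ${sans}; defining it once and reusing it would keep the two from drifting apart.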