Add Kubernetes API Service IP to x509 certificates
By default, API service with service account is accessible from inside the cluster at the address 10.254.0.1. This IP should be added to SANS when generating the certs. Fixes-bug: #1660811 Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39
This commit is contained in:
parent
88ddece127
commit
288bb34fe3
|
@ -46,6 +46,10 @@ if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
|||
fi
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||
|
||||
cert_dir=/srv/kubernetes
|
||||
cert_conf_dir=${cert_dir}/conf
|
||||
|
||||
|
|
|
@ -63,6 +63,10 @@ write_files:
|
|||
fi
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||
|
||||
cert_conf_dir=${KUBE_CERTS_PATH}/conf
|
||||
|
||||
mkdir -p ${cert_conf_dir}
|
||||
|
|
Loading…
Reference in New Issue