diff --git a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml index be1762f424..8278a578a8 100644 --- a/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml +++ b/magnum/drivers/k8s_coreos_v1/templates/fragments/make-cert.yaml @@ -49,10 +49,10 @@ write_files: fi sans="IP:${KUBE_NODE_PUBLIC_IP},IP:${KUBE_NODE_IP}" - if [[ "${KUBE_NODE_PUBLIC_IP}" != "${KUBE_API_PUBLIC_ADDRESS}" ]]; then + if [[ "${KUBE_NODE_PUBLIC_IP}" != "${KUBE_API_PUBLIC_ADDRESS}" ]] && [[ "${KUBE_API_PUBLIC_ADDRESS}"]]; then sans="${sans},IP:${KUBE_API_PUBLIC_ADDRESS}" fi - if [[ "${KUBE_NODE_IP}" != "${KUBE_API_PRIVATE_ADDRESS}" ]]; then + if [[ "${KUBE_NODE_IP}" != "${KUBE_API_PRIVATE_ADDRESS}" ]] && [[ "${KUBE_API_PRIVATE_ADDRESS}"]]; then sans="${sans},IP:${KUBE_API_PRIVATE_ADDRESS}" fi MASTER_HOSTNAME=${MASTER_HOSTNAME:-} diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/make-cert.sh b/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/make-cert.sh index c144445c77..fb11e683c6 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/make-cert.sh +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/make-cert.sh @@ -24,12 +24,25 @@ if [ "$TLS_DISABLED" == "True" ]; then exit 0 fi -cert_ip=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) -sans="IP:${cert_ip},IP:${KUBE_API_PUBLIC_ADDRESS},IP:${KUBE_API_PRIVATE_ADDRESS},IP:127.0.0.1" +if [[ -z "${KUBE_NODE_PUBLIC_IP}" ]]; then + KUBE_NODE_PUBLIC_IP=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) +fi +if [[ -z "${KUBE_NODE_IP}" ]]; then + KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4) +fi + +sans="IP:${KUBE_NODE_PUBLIC_IP},IP:${KUBE_NODE_IP}" +if [[ "${KUBE_NODE_PUBLIC_IP}" != "${KUBE_API_PUBLIC_ADDRESS}" ]] && [[ "${KUBE_API_PUBLIC_ADDRESS}" ]]; then + sans="${sans},IP:${KUBE_API_PUBLIC_ADDRESS}" +fi +if [[ "${KUBE_NODE_IP}" != "${KUBE_API_PRIVATE_ADDRESS}" ]] && [[ "${KUBE_API_PRIVATE_ADDRESS}" ]]; then + sans="${sans},IP:${KUBE_API_PRIVATE_ADDRESS}" +fi MASTER_HOSTNAME=${MASTER_HOSTNAME:-} if [[ -n "${MASTER_HOSTNAME}" ]]; then - sans="${sans},DNS:${MASTER_HOSTNAME}" + sans="${sans},DNS:${MASTER_HOSTNAME}" fi +sans="${sans},IP:127.0.0.1" cert_dir=/srv/kubernetes cert_conf_dir=${cert_dir}/conf diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params-master.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params-master.yaml index 6d6c8aaf08..2e00009164 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params-master.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params-master.yaml @@ -8,6 +8,7 @@ write_files: KUBE_API_PUBLIC_ADDRESS="$KUBE_API_PUBLIC_ADDRESS" KUBE_API_PRIVATE_ADDRESS="$KUBE_API_PRIVATE_ADDRESS" KUBE_API_PORT="$KUBE_API_PORT" + KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP" KUBE_NODE_IP="$KUBE_NODE_IP" KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV" DOCKER_VOLUME="$DOCKER_VOLUME" diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params.yaml index 84e99092de..c9726f447d 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/fragments/write-heat-params.yaml @@ -8,6 +8,7 @@ write_files: KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV" KUBE_MASTER_IP="$KUBE_MASTER_IP" KUBE_API_PORT="$KUBE_API_PORT" + KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP" KUBE_NODE_IP="$KUBE_NODE_IP" ETCD_SERVER_IP="$ETCD_SERVER_IP" DOCKER_VOLUME="$DOCKER_VOLUME"