Browse Source

Merge "Add subjectAltName back to CSR config"

changes/88/305188/1
Jenkins 6 years ago committed by Gerrit Code Review
parent
commit
39e8e1f054
  1. 5
      magnum/templates/kubernetes/fragments/make-cert-client.sh
  2. 5
      magnum/templates/kubernetes/fragments/make-cert.sh
  3. 19
      magnum/templates/swarm/fragments/make-cert.py

5
magnum/templates/kubernetes/fragments/make-cert-client.sh

@ -82,10 +82,7 @@ CN = kubernetes.invalid
[req_ext]
keyUsage=critical,digitalSignature,keyEncipherment
extendedKeyUsage=clientAuth
# TODO(hongbin): This is a temporary work-around for a gate breakage.
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address
#subjectAltName=dirName:kubelet,dirName:kubeproxy
subjectAltName=dirName:kubelet,dirName:kubeproxy
[kubelet]
CN=kubelet
[kubeproxy]

5
magnum/templates/kubernetes/fragments/make-cert.sh

@ -87,10 +87,7 @@ prompt = no
[req_distinguished_name]
CN = kubernetes.invalid
[req_ext]
# TODO(hongbin): This is a temporary work-around for a gate breakage.
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6 address
#subjectAltName = ${sans}
subjectAltName = ${sans}
extendedKeyUsage = clientAuth,serverAuth
EOF

19
magnum/templates/swarm/fragments/make-cert.py

@ -40,11 +40,7 @@ copy_extensions = copyall
[req_distinguished_name]
CN = swarm.invalid
[req_ext]
# TODO(hongbin): This is a temporary work-around for a gate breakage.
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or IPv6
# address
#subjectAltName = %(subject_alt_names)s
subjectAltName = %(subject_alt_names)s
extendedKeyUsage = clientAuth,serverAuth
"""
@ -103,15 +99,10 @@ def write_server_key():
def _write_csr_config(config):
with open(SERVER_CONF_PATH, 'w') as fp:
# TODO(hongbin): This is a temporary work-around for a gate breakage.
# Need to investigate the issue and revert this temporary fix.
# Bug #1568212 - '\xac\x18\x05\x07' does not appear to be an IPv4 or
# IPv6 address
# params = {
# 'subject_alt_names': _build_subject_alt_names(config)
# }
# fp.write(CSR_CONFIG_TEMPLATE % params)
fp.write(CSR_CONFIG_TEMPLATE)
params = {
'subject_alt_names': _build_subject_alt_names(config)
}
fp.write(CSR_CONFIG_TEMPLATE % params)
def create_server_csr(config):

Loading…
Cancel
Save