Use kubernetes service name in cert request

In kubernetes with atomic we have a set of certificates that we use in
three places:
1. etcd
2. kubernetes apiserver
3. kubernetes service accounts

In order to make service accounts work we need to set the common name
properly in the certificates.

Partial-Bug: #1705694

Change-Id: I04ed3bba938f0d5f340e2141be94058c38c2ed2b

magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh

@@ -73,7 +73,7 @@ distinguished_name = req_distinguished_name
 req_extensions     = req_ext
 prompt = no
 [req_distinguished_name]
-CN = kubernetes.invalid
+CN = kubernetes.default.svc
 [req_ext]
 keyUsage=critical,digitalSignature,keyEncipherment
 extendedKeyUsage=clientAuth

magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh

@@ -55,6 +55,8 @@ KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{pri
 
 sans="${sans},IP:${KUBE_SERVICE_IP}"
 
+sans="${sans},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local"
+
 cert_dir=/srv/kubernetes
 cert_conf_dir=${cert_dir}/conf
 
@@ -104,7 +106,7 @@ distinguished_name = req_distinguished_name
 req_extensions     = req_ext
 prompt = no
 [req_distinguished_name]
-CN = kubernetes.invalid
+CN = kubernetes.default.svc
 [req_ext]
 subjectAltName = ${sans}
 extendedKeyUsage = clientAuth,serverAuth