Add Kubernetes API Service IP to x509 certificates
By default, API service with service account is accessible from inside
the cluster at the address 10.254.0.1. This IP should be added to SANS
when generating the certs.
Closes-bug: #1660811
Depends-On: Icc93fb11e19bb900396c485719908655fac75cf6
Change-Id: I214b4296bea55bb0c4015165c56fbd8ca3cebd39
(cherry picked from commit 288bb34fe3
)
This commit is contained in:
parent
d5d01af65c
commit
ce5133ce56
|
@ -46,6 +46,10 @@ if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
|||
fi
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||
|
||||
cert_dir=/srv/kubernetes
|
||||
cert_conf_dir=${cert_dir}/conf
|
||||
|
||||
|
|
|
@ -64,6 +64,10 @@ write_files:
|
|||
fi
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||
|
||||
cert_dir=/etc/kubernetes/ssl
|
||||
cert_conf_dir=${cert_dir}/conf
|
||||
|
||||
|
|
Loading…
Reference in New Issue