Use proper openssl command to differentiate between host and ip in API certificate check (#6392)
* Use proper openssl command to differentiate between host and ip in current certificate check * fixup! Use proper openssl command to differentiate between host and ip in current certificate check
This commit is contained in:
parent
6e2b8a5750
commit
411510cbe6
1 changed files with 1 additions and 1 deletions
|
@ -112,7 +112,7 @@
|
|||
- kubeadm_already_run.stat.exists
|
||||
|
||||
- name: kubeadm | Check if apiserver.crt contains all needed SANs
|
||||
command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -checkip "{{ item }}"
|
||||
command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -check{{ item|ipaddr|ternary('ip','host') }} "{{ item }}"
|
||||
with_items: "{{ apiserver_sans }}"
|
||||
register: apiserver_sans_check
|
||||
changed_when: "'does match certificate' not in apiserver_sans_check.stdout"
|
||||
|
|
Loading…
Reference in a new issue