From 5b0d411ffadf7bd5ddf4283251bf4de96da0707e Mon Sep 17 00:00:00 2001 From: Matthew Mosesohn Date: Mon, 26 Sep 2016 20:14:19 +0300 Subject: [PATCH] add kube-masters to SSL certificate --- roles/kubernetes/secrets/templates/openssl.conf.j2 | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2 index fa00163a3..5eab64979 100644 --- a/roles/kubernetes/secrets/templates/openssl.conf.j2 +++ b/roles/kubernetes/secrets/templates/openssl.conf.j2 @@ -11,7 +11,11 @@ DNS.1 = kubernetes DNS.2 = kubernetes.default DNS.3 = kubernetes.default.svc DNS.4 = kubernetes.default.svc.{{ dns_domain }} +{% for host in groups['kube-master'] %} +DNS.{{ 4 + loop.index }} = {{ host }} +{% endfor %} {% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %} +{% set idx = groups['kube-master'] | length | int + 4 %} DNS.5 = {{ apiserver_loadbalancer_domain_name }} {% endif %} {% for host in groups['kube-master'] %}