From a1ec6f401c0947e5b4064a7d4b15fa2c45be052d Mon Sep 17 00:00:00 2001
From: Vladimir Rutsky <rutsky.vladimir@gmail.com>
Date: Thu, 16 Feb 2017 00:13:52 +0300
Subject: [PATCH] fix load balancer DNS name index evaluation in openssl.conf

Looks like OpenSSL still properly handles it, even with duplicated
"DNS.X" items.
---
 roles/kubernetes/secrets/templates/openssl.conf.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index ac94b6800..d3164286e 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -16,7 +16,7 @@ DNS.5 = localhost
 DNS.{{ 5 + loop.index }} = {{ host }}
 {% endfor %}
 {% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
-{% set idx =  groups['kube-master'] | length | int + 5 %}
+{% set idx =  groups['kube-master'] | length | int + 5 + 1 %}
 DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
 {% for host in groups['kube-master'] %}