From 6f36faa4f91fb59d8eefb9655e33cef22639f3c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?=
Date: Tue, 30 Jan 2018 17:33:00 +0100
Subject: [PATCH 1/2] Loadbalancer Apiserver Address is missing If you configure your external loadbalancer to do a simple tcp pass-through to the api servers, and you do not use a DNS FQDN but just the ip, then you need to add the ip adress to the certificates too. Example config: ``` ## External LB example config apiserver_loadbalancer_domain_name: "10.50.63.10" loadbalancer_apiserver: address: 10.50.63.10 port: 8383 ```
---
 roles/kubernetes/secrets/templates/openssl.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index d81605d4f..a25095bd1 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -25,6 +25,9 @@ IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansi
 {% endfor %}
 {% set idx = groups['kube-master'] | length | int * 2 + 1 %}
 IP.{{ idx }} = {{ kube_apiserver_ip }}
+{% if loadbalancer_apiserver is defined %}
+IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }}
+{% endif %}
 IP.{{ idx + 1 }} = 127.0.0.1
 {% if supplementary_addresses_in_ssl_keys is defined %}
 {% set is = idx + 1 %}
From 088d36da0902659361213e54aa5c646f37375f99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?=
Date: Tue, 30 Jan 2018 21:48:13 +0100
Subject: [PATCH 2/2] Increase the idx counter Fix the idx counter to increase too, or you will end up with two same indexes.
---
 roles/kubernetes/secrets/templates/openssl.conf.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index a25095bd1..5c3d3e814 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -27,6 +27,7 @@ IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansi
 IP.{{ idx }} = {{ kube_apiserver_ip }}
 {% if loadbalancer_apiserver is defined %}
 IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }}
+{% set idx = idx + 1 %}
 {% endif %}
 IP.{{ idx + 1 }} = 127.0.0.1
 {% if supplementary_addresses_in_ssl_keys is defined %}
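Review bot: The guard around the load-balancer SAN entry tests only `loadbalancer_apiserver is defined` and then dereferences `.address`, so an inventory that sets only `port` would presumably fail the template render; `{% if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined %}` covers that case. The value is also written under `IP.N` whatever it contains, and openssl rejects a non-IP string in an IP subjectAltName, so a hostname in `address` would break certificate generation; the condition could additionally require an IP literal and leave names to the DNS entries, which are outside this hunk. A short comment next to the new line would help the next reader, e.g. `{# advance idx so the 127.0.0.1 entry below does not reuse the LB index #}`. The template continues before and after the hunk, so how `idx` is consumed further down (the `is` counter) should be confirmed there.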