Commit graph

5 commits

Author SHA1 Message Date
Greg Althaus
04fbe42aa6 If the inventory name of the host exceeds 63 characters,
the openssl tools will fail to create signing requests because
the CN is too long.  This is mainly a problem when FQDNs are used
in the inventory file.

THis will truncate the hostname for the CN field only at the
first dot.  This should handle the issue for most cases.
2017-01-13 10:02:23 -06:00
Matthew Mosesohn
3b562c494d Use only one certificate for all apiservers
https://github.com/kubernetes/kubernetes/issues/25063
2017-01-13 14:03:20 +03:00
Matthew Mosesohn
ed253e5c5a Generate individual certificates for k8s hosts 2017-01-11 12:58:07 +03:00
Matthew Mosesohn
73066f308d use nginx proxy on non-master nodes to proxy apiserver traffic
Also adds all masters by hostname and localhost/127.0.0.1 to
apiserver SSL certificate.

Includes documentation update on how localhost loadbalancer works.
2016-10-05 20:09:10 +03:00
Smana
4f627baf71 generate secrets on first master 2016-05-07 21:08:29 +02:00
Renamed from roles/kubernetes/secrets/scripts/make-ssl.sh (Browse further)