[req] req_extensions = v3_req distinguished_name = req_distinguished_name [req_distinguished_name] [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = kubernetes DNS.2 = kubernetes.default DNS.3 = kubernetes.default.svc DNS.4 = kubernetes.default.svc.{{ dns_domain }} DNS.5 = localhost {% for host in groups['kube-master'] %} DNS.{{ 5 + loop.index }} = {{ host }} {% endfor %} {% set idns = groups['kube-master'] | length | int + 5 %} {% if loadbalancer_apiserver is defined %} {% set idns = idns + 1 %} DNS.{{ idns | string }} = {{ apiserver_loadbalancer_domain_name }} {% endif %} {% for host in groups['kube-master'] %} IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }} {% endfor %} {% set idx = groups['kube-master'] | length | int * 2 + 1 %} IP.{{ idx }} = {{ kube_apiserver_ip }} {% if loadbalancer_apiserver is defined %} IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }} {% set idx = idx + 1 %} {% endif %} IP.{{ idx + 1 }} = 127.0.0.1 {% if supplementary_addresses_in_ssl_keys is defined %} {% set is = idx + 1 %} {% for addr in supplementary_addresses_in_ssl_keys %} {% if addr | ipaddr %} IP.{{ is + loop.index }} = {{ addr }} {% else %} DNS.{{ idns + loop.index }} = {{ addr }} {% endif %} {% endfor %} {% endif %}