Use proper openssl command to differentiate between host and ip in API certificate check (#6392)

* Use proper openssl command to differentiate between host and ip in current certificate check * fixup! Use proper openssl command to differentiate between host and ip in current certificate check
4 years ago · 411510cbe6
1 changed files with 1 additions and 1 deletions
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@ -112,7 +112,7 @@
    - kubeadm_already_run.stat.exists

 - name: kubeadm | Check if apiserver.crt contains all needed SANs
-  command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -checkip "{{ item }}"
+  command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -check{{ item|ipaddr|ternary('ip','host') }} "{{ item }}"
  with_items: "{{ apiserver_sans }}"
  register: apiserver_sans_check
  changed_when: "'does match certificate' not in apiserver_sans_check.stdout"