From 931c76e58f1f0769179e04cd972512cc6843018d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?=
Date: Wed, 14 Nov 2018 22:58:17 +0100
Subject: [PATCH] Add DNS entries to node certs (#3710)
---
 roles/kubernetes/secrets/templates/openssl-node.conf.j2 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/roles/kubernetes/secrets/templates/openssl-node.conf.j2 b/roles/kubernetes/secrets/templates/openssl-node.conf.j2
index 610764a5b..f625f6d76 100644
--- a/roles/kubernetes/secrets/templates/openssl-node.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl-node.conf.j2
@@ -1,4 +1,4 @@
-{% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
+{% set counter = {'dns': 6,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
 req_extensions = v3_req
 distinguished_name = req_distinguished_name
 [req_distinguished_name]
@@ -7,7 +7,11 @@ basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectAltName = @alt_names
 [alt_names]
-DNS.1 = localhost
+DNS.1 = kubernetes
+DNS.2 = kubernetes.default
+DNS.3 = kubernetes.default.svc
+DNS.4 = kubernetes.default.svc.{{ dns_domain }}
+DNS.5 = localhost
 DNS.{{ counter["dns"] }} = {{ inventory_hostname }}{{ increment(counter, 'dns') }}
 {% if hostvars[inventory_hostname]['access_ip'] is defined %}
 IP.{{ counter["ip"] }} = {{ hostvars[inventory_hostname]['access_ip'] }}{{ increment(counter, 'ip') }}
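Review bot: The start value `'dns': 6` on the template's first line is a hand-kept count of the static `DNS.N` entries in `[alt_names]`, and nothing ties the two together. If a static name is later added or removed without adjusting it, the rendered config gets two entries with the same index; OpenSSL keeps only the last value for a repeated name in a section, so a SAN would drop out of the certificate with no error. An inline Jinja comment at the start of that line would record the coupling, for example `{# counter.dns = index of the last static DNS.N in [alt_names] + 1 #}`.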
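Review bot: The four `kubernetes*` names added to `[alt_names]` are the API server's in-cluster service names, and since this template is rendered per node, every node certificate becomes valid for them. No `extendedKeyUsage` is visible in the hunk (the `[ v3_req ]` section begins above it), so unless usage is restricted elsewhere these certificates can be presented as server certificates; exposure of any single node key would then yield a CA-signed credential for `kubernetes.default.svc`. If nodes use this certificate only as a client credential, adding `extendedKeyUsage = clientAuth` under `[ v3_req ]` limits that exposure. Otherwise the commit should document which node-side component serves under these names, so the SAN list can be kept as narrow as that component needs.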