Browse Source

Add DNS entries to node certs (#3710)

pull/3713/head
Andreas Krüger 6 years ago
committed by k8s-ci-robot
parent
commit
931c76e58f
1 changed files with 6 additions and 2 deletions
  1. 8
      roles/kubernetes/secrets/templates/openssl-node.conf.j2

8
roles/kubernetes/secrets/templates/openssl-node.conf.j2

@ -1,4 +1,4 @@
{% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
{% set counter = {'dns': 6,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
req_extensions = v3_req req_extensions = v3_req
distinguished_name = req_distinguished_name distinguished_name = req_distinguished_name
[req_distinguished_name] [req_distinguished_name]
@ -7,7 +7,11 @@ basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names subjectAltName = @alt_names
[alt_names] [alt_names]
DNS.1 = localhost
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.{{ dns_domain }}
DNS.5 = localhost
DNS.{{ counter["dns"] }} = {{ inventory_hostname }}{{ increment(counter, 'dns') }} DNS.{{ counter["dns"] }} = {{ inventory_hostname }}{{ increment(counter, 'dns') }}
{% if hostvars[inventory_hostname]['access_ip'] is defined %} {% if hostvars[inventory_hostname]['access_ip'] is defined %}
IP.{{ counter["ip"] }} = {{ hostvars[inventory_hostname]['access_ip'] }}{{ increment(counter, 'ip') }} IP.{{ counter["ip"] }} = {{ hostvars[inventory_hostname]['access_ip'] }}{{ increment(counter, 'ip') }}

Loading…
Cancel
Save