From 6f36faa4f91fb59d8eefb9655e33cef22639f3c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?= <andreas@kruger.nu>
Date: Tue, 30 Jan 2018 17:33:00 +0100
Subject: [PATCH] Loadbalancer Apiserver Address is missing

If you configure your external loadbalancer to do a simple TCP pass-through to the API servers, and you do not use a DNS FQDN but just the IP, then you need to add the IP address to the certificates too.

Example config:

```
## External LB example config
apiserver_loadbalancer_domain_name: "10.50.63.10"
loadbalancer_apiserver:
  address: 10.50.63.10
  port: 8383
```
---
 roles/kubernetes/secrets/templates/openssl.conf.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index d81605d4f..a25095bd1 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -25,6 +25,9 @@ IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansi
 {% endfor %}
 {% set idx =  groups['kube-master'] | length | int * 2 + 1 %}
 IP.{{ idx }} = {{ kube_apiserver_ip }}
+{% if loadbalancer_apiserver is defined  %}
+IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }}
+{% endif %}
 IP.{{ idx + 1 }} = 127.0.0.1
 {% if supplementary_addresses_in_ssl_keys is defined %}
 {% set is = idx + 1 %}
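Review bot: The added `IP.{{ idx + 1 }}` entry for the load balancer reuses the index of the unchanged `IP.{{ idx + 1 }} = 127.0.0.1` line directly below it, so whenever `loadbalancer_apiserver` is defined the rendered section contains two keys with the same number. OpenSSL's config parser most likely keeps only one value per key, in which case either the load balancer address or 127.0.0.1 would be missing from the certificate's subject alternative names, and TLS verification against that address would fail. Advancing the counter inside the conditional avoids the collision and also moves the later `is = idx + 1` base: `{% set idx = idx + 1 %}` followed by `IP.{{ idx }} = {{ loadbalancer_apiserver.address }}`. The guard would be safer as `{% if loadbalancer_apiserver is defined and loadbalancer_apiserver.address is defined %}`, since the variable may be set with only a port. The alt-names section begins and continues outside this hunk, so the numbering of the supplementary addresses could not be checked from here.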
-- 
GitLab