From 931c76e58f1f0769179e04cd972512cc6843018d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20Kr=C3=BCger?= <ak@patientsky.com>
Date: Wed, 14 Nov 2018 22:58:17 +0100
Subject: [PATCH] Add DNS entries to node certs (#3710)

---
 roles/kubernetes/secrets/templates/openssl-node.conf.j2 | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/kubernetes/secrets/templates/openssl-node.conf.j2 b/roles/kubernetes/secrets/templates/openssl-node.conf.j2
index 610764a5b..f625f6d76 100644
--- a/roles/kubernetes/secrets/templates/openssl-node.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl-node.conf.j2
@@ -1,4 +1,4 @@
-{% set counter = {'dns': 2,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
+{% set counter = {'dns': 6,'ip': 1,} %}{% macro increment(dct, key, inc=1)%}{% if dct.update({key: dct[key] + inc}) %} {% endif %}{% endmacro %}[req]
 req_extensions = v3_req
 distinguished_name = req_distinguished_name
 [req_distinguished_name]
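Review bot: The start value `'dns': 6` on the template's first line is correct only while exactly five static `DNS.n` entries precede the templated one in `[alt_names]`, and nothing in the file ties the two together. If a static name is later added or removed without adjusting this number, the rendered config gets a duplicated or skipped index, and a duplicated index may silently drop one SAN from the certificate. A Jinja comment next to the counter, for example `{# dns starts at 6: DNS.1-DNS.5 are the static names in [alt_names] #}`, would document the coupling. Alternatively, start the counter at 1 and emit the static names through `increment` as well.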
@@ -7,7 +7,11 @@ basicConstraints = CA:FALSE
 keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 subjectAltName = @alt_names
 [alt_names]
-DNS.1 = localhost
+DNS.1 = kubernetes
+DNS.2 = kubernetes.default
+DNS.3 = kubernetes.default.svc
+DNS.4 = kubernetes.default.svc.{{ dns_domain }}
+DNS.5 = localhost
 DNS.{{ counter["dns"] }} = {{ inventory_hostname }}{{ increment(counter, 'dns') }}
 {% if hostvars[inventory_hostname]['access_ip'] is defined  %}
 IP.{{ counter["ip"] }} = {{ hostvars[inventory_hostname]['access_ip'] }}{{ increment(counter, 'ip') }}
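Review bot: The names added as `DNS.1`–`DNS.4` (`kubernetes` through `kubernetes.default.svc.{{ dns_domain }}`) are written into every node certificate, so each node's private key becomes valid for the API server's in-cluster service name. If these certificates are signed by the CA that in-cluster clients trust for the API server (the issuing CA and any `extendedKeyUsage` are not visible in this hunk), a single compromised node key could be presented as `kubernetes.default.svc` and pass hostname verification. It would be safer to emit these four SANs only for hosts that actually terminate TLS under that name, with the `dns` counter start adjusted to match, and to record the reason nodes need them in a comment above `DNS.1`. The `{% if %}` opened on the last lines of this hunk closes outside it, so the rest of `[alt_names]` was not reviewed.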
-- 
GitLab