From d9641771ed48d70ec75b9050932fcd43630a800d Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn <mmosesohn@mirantis.com>
Date: Mon, 26 Sep 2016 20:14:19 +0300
Subject: [PATCH] add kube-masters to SSL certificate

---
 roles/kubernetes/secrets/templates/openssl.conf.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/kubernetes/secrets/templates/openssl.conf.j2 b/roles/kubernetes/secrets/templates/openssl.conf.j2
index fa00163a3..5eab64979 100644
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -11,7 +11,11 @@ DNS.1 = kubernetes
 DNS.2 = kubernetes.default
 DNS.3 = kubernetes.default.svc
 DNS.4 = kubernetes.default.svc.{{ dns_domain }}
+{% for host in groups['kube-master'] %}
+DNS.{{ 4 + loop.index }} = {{ host }}
+{% endfor %}
 {% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
+{% set idx =  groups['kube-master'] | length | int + 4 %}
 DNS.5 = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
 {% for host in groups['kube-master'] %}
-- 
GitLab