Skip to content

Commit

Permalink
*: use wildcard domain in DNS: SAN for etcd server certs
Browse files Browse the repository at this point in the history 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
  • Loading branch information
@hexfusion
hexfusion committed Apr 27, 2019
1 parent 8bfb5e9 commit a583be1
Show file tree
Hide file tree
Showing 8 changed files with 12 additions and 11 deletions.
5 changes: 3 additions & 2 deletions cmd/setup-etcd-environment/run.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,9 @@ func runRunCmd(cmd *cobra.Command, args []string) error {
}

return writeEnvironmentFile(map[string]string{
"IPV4_ADDRESS": ip,
"DNS_NAME": dns,
"IPV4_ADDRESS": ip,
"DNS_NAME": dns,
"WILDCARD_DNS_NAME": fmt.Sprintf("*.%s", runOpts.discoverySRV),
}, out)
}

Expand Down
6 changes: 3 additions & 3 deletions pkg/controller/template/render.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,11 +327,11 @@ func skipMissing(key string) (interface{}, error) {
func etcdServerCertDNSNames(cfg RenderConfig) (interface{}, error) {
var dnsNames = []string{
"localhost",
"etcd.kube-system.svc", // sign for the local etcd service name that cluster-network apiservers use to communicate
"etcd.kube-system.svc.cluster.local", // sign for the local etcd service name that cluster-network apiservers use to communicate
"etcd.kube-system.svc", // sign for the local etcd service name that cluster-network apiservers use to communicate
"etcd.kube-system.svc.cluster.local", // sign for the local etcd service name that cluster-network apiservers use to communicate
"etcd.openshift-etcd.svc", // sign for the local etcd service name that cluster-network apiservers use to communicate
"etcd.openshift-etcd.svc.cluster.local", // sign for the local etcd service name that cluster-network apiservers use to communicate
"${ETCD_DNS_NAME}",
"${ETCD_WILDCARD_DNS_NAME}",
}
return strings.Join(dnsNames, ","), nil
}
Expand Down
2 changes: 1 addition & 1 deletion pkg/controller/template/render_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ func TestEtcdServerCertDNSNames(t *testing.T) {
url string
err bool
}{{
url: "localhost,etcd.kube-system.svc,etcd.kube-system.svc.cluster.local,etcd.openshift-etcd.svc,etcd.openshift-etcd.svc.cluster.local,${ETCD_DNS_NAME}",
url: "localhost,etcd.kube-system.svc,etcd.kube-system.svc.cluster.local,etcd.openshift-etcd.svc,etcd.openshift-etcd.svc.cluster.local,${ETCD_WILDCARD_DNS_NAME}",
err: false,
}}
for idx, c := range cases {
Expand Down
2 changes: 1 addition & 1 deletion ...test_data/templates/master/00-master/aws/files/-etc-kubernetes-manifests-etcd-member.yaml
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion ..._data/templates/master/00-master/libvirt/files/-etc-kubernetes-manifests-etcd-member.yaml
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion ...est_data/templates/master/00-master/none/files/-etc-kubernetes-manifests-etcd-member.yaml
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion ...ata/templates/master/00-master/openstack/files/-etc-kubernetes-manifests-etcd-member.yaml
View file

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion ..._data/templates/master/00-master/vsphere/files/-etc-kubernetes-manifests-etcd-member.yaml
View file

Large diffs are not rendered by default.

0 comments on commit a583be1

Please sign in to comment.