kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

force callers to specify the cert dns names 

Kubernetes-commit: f31eb0a77f0616a5c4c3477b6d87a5a6726845cc
This commit is contained in:
deads2k 2017-03-20 16:02:42 -04:00 committed by Kubernetes Publisher
parent ba9d99da29
commit 91f0fac434
1 changed files with 1 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/server/options/serving.go
View File

@ -296,7 +296,7 @@ func (s *ServingOptions) ApplyTo(c *server.Config) error {
return nil return nil
} }
func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateIPs ...net.IP) error { func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress string, alternateDNS []string, alternateIPs []net.IP) error {
if s == nil { if s == nil {
return nil return nil
} }
@ -313,11 +313,6 @@ func (s *SecureServingOptions) MaybeDefaultWithSelfSignedCerts(publicAddress str
return err return err
} }
if !canReadCertAndKey { if !canReadCertAndKey {
// TODO: It would be nice to set a fqdn subject alt name, but only the kubelets know, the apiserver is clueless
// alternateDNS = append(alternateDNS, "kubernetes.default.svc.CLUSTER.DNS.NAME")
// TODO (cjcullen): Is ClusterIP the right address to sign a cert with?
alternateDNS := []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}
// add either the bind address or localhost to the valid alternates // add either the bind address or localhost to the valid alternates
bindIP := s.ServingOptions.BindAddress.String() bindIP := s.ServingOptions.BindAddress.String()
if bindIP == "0.0.0.0" { if bindIP == "0.0.0.0" {