kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Always include load balancer domain in APIServer certificate

This commit is contained in:
John Gardiner Myers 2022-12-17 16:14:08 -08:00
parent ce389c4980
commit b024338768
1 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/model/awsmodel/api_loadbalancer.go
View File

@ -187,6 +187,7 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
TargetGroups: make([]*awstasks.TargetGroup, 0), TargetGroups: make([]*awstasks.TargetGroup, 0),
Tags: tags, Tags: tags,
ForAPIServer: true,
VPC: b.LinkToVPC(), VPC: b.LinkToVPC(),
Type: fi.PtrTo("network"), Type: fi.PtrTo("network"),
IpAddressType: fi.PtrTo("ipv4"), IpAddressType: fi.PtrTo("ipv4"),
@ -224,7 +225,8 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
Timeout: fi.PtrTo(int64(300)), Timeout: fi.PtrTo(int64(300)),
}, },
Tags: tags, Tags: tags,
ForAPIServer: true,
} }
if b.Cluster.UsesNoneDNS() { if b.Cluster.UsesNoneDNS() {
@ -592,13 +594,6 @@ func (b *APILoadBalancerBuilder) Build(c *fi.ModelBuilderContext) error {
} }
} }
if b.Cluster.IsGossip() || b.Cluster.UsesPrivateDNS() || b.Cluster.UsesNoneDNS() {
// Ensure the LB hostname is included in the TLS certificate,
// if we're not going to use an alias for it
clb.ForAPIServer = true
nlb.ForAPIServer = true
}
return nil return nil
} }