How to generate a self-signed SAN SSL/TLS certificate using openssl

Generating a self-signed certificate is a common task and the command to generate one with openssl is well known and well documented. Generating a certificate that includes subjectAltName is not so straght forward however. The following example demonstrates how to generate a SAN certificate without making a permanent change to the openssl configuration.

Generate a list of all required DNS names, (Note: CN will be discarded).

$ export SAN="DNS:www.domain.localdomain,DNS:domain.localdomain"
Reset Kubernetes cluster with Weave
# Drain and delete the nodes (for each node you have)
kubectl drain kubenode1 --delete-local-data --force --ignore-daemonsets
kubectl delete node kubenode1
# Reset the deployment
sudo kubeadm reset
# On each node
## Reset the nodes and weave