Created
July 5, 2015 04:07
-
-
Save eparis/8c641ee61749814e75c4 to your computer and use it in GitHub Desktop.
Potential fix for certs and inventories which use DNS names instead of IPs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh b/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh | |
| index 3950eec..7ae6305 100755 | |
| --- a/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh | |
| +++ b/contrib/ansible/roles/kubernetes/files/make-ca-cert.sh | |
| @@ -20,9 +20,9 @@ set -o pipefail | |
| # Caller should set in the ev: | |
| # MASTER_IP - this may be an ip or things like "_use_gce_external_ip_" | |
| +# MASTER_NAME - DNS name for the master | |
| # DNS_DOMAIN - which will be passed to minions in --cluster_domain | |
| # SERVICE_CLUSTER_IP_RANGE - where all service IPs are allocated | |
| -# MASTER_NAME - I'm not sure what it is... | |
| # Also the following will be respected | |
| # CERT_DIR - where to place the finished certs | |
| diff --git a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml | |
| index be98366..a8e7228 100644 | |
| --- a/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml | |
| +++ b/contrib/ansible/roles/kubernetes/tasks/gen_certs.yml | |
| @@ -15,12 +15,12 @@ | |
| # FIXME This only generates a cert for one master... | |
| - name: Run create cert script on master | |
| command: | |
| - "{{ kube_script_dir }}/make-ca-cert.sh {{ inventory_hostname }}" | |
| + "{{ kube_script_dir }}/make-ca-cert.sh" | |
| args: | |
| creates: "{{ kube_cert_dir }}/server.crt" | |
| environment: | |
| MASTER_IP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" | |
| - MASTER_NAME: "kubernetes" | |
| + MASTER_NAME: "{{ inventory_hostname }}" | |
| DNS_DOMAIN: "{{ dns_domain }}" | |
| SERVICE_CLUSTER_IP_RANGE: "{{ kube_service_addresses }}" | |
| CERT_DIR: "{{ kube_cert_dir }}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment