github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add kubernetes.default.svc to serving certs 

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
pull/3433/head
Brad Davidson 2021-06-08 10:48:08 -07:00 committed by Brad Davidson
parent 9c2373499c
commit f6cec4e75d
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/cluster/https.go
View File

@ -38,7 +38,7 @@ func (c *Cluster) newListener(ctx context.Context) (net.Listener, http.Handler,
return dynamiclistener.NewListener(tcp, storage, cert, key, dynamiclistener.Config{
ExpirationDaysCheck: config.CertificateRenewDays,
Organization: []string{version.Program},
SANs: append(c.config.SANs, "localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc."+c.config.ClusterDomain),
SANs: append(c.config.SANs, "localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc."+c.config.ClusterDomain),
CN: version.Program,
TLSConfig: &tls.Config{
ClientAuth: tls.RequestClientCert,

2
pkg/daemons/control/deps/deps.go
View File

@ -319,7 +319,7 @@ func genServerCerts(config *config.Control, runtime *config.ControlRuntime) erro
}
altNames := &certutil.AltNames{
DNSNames: []string{"localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc." + config.ClusterDomain},
DNSNames: []string{"localhost", "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc." + config.ClusterDomain},
IPs: []net.IP{apiServerServiceIP},
}