Add alternative names for API Server

Signed-off-by: Pradeep Sawlani <sawlani@google.com>
2025-12-15 17:28:58 +03:00 · 2019-03-08 03:28:34 -08:00
parent bf2850974e
commit ecba5805cb
1 changed files with 3 additions and 1 deletions
--- a/docs/04-certificate-authority.md
+++ b/docs/04-certificate-authority.md
@@ -303,6 +303,8 @@ KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-har
  --region $(gcloud config get-value compute/region) \
  --format 'value(address)')

+KUBERNETES_SAN=kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.svc.cluster.local
+
 cat > kubernetes-csr.json <<EOF
 {
  "CN": "kubernetes",
@@ -326,7 +328,7 @@ cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
-  -hostname=10.32.0.1,10.240.0.10,10.240.0.11,10.240.0.12,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,kubernetes.default \
+  -hostname=10.32.0.1,10.240.0.10,10.240.0.11,10.240.0.12,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,${KUBERNETES_SAN} \
  -profile=kubernetes \
  kubernetes-csr.json | cfssljson -bare kubernetes