ch-apps: upgrade to kubernetes 1.30 and improve certificate handling for standalone kubelet

author: Christian Pointner <equinox@spreadspace.org> 2024-04-20 15:29:08 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2024-04-20 15:29:08 +0200
commit: 0c587ebf966307446b3e7a9094cd6c44bbca89e2 (patch)
tree: eee43ea586441ae00508d054bcae369b3e3c57b4 /roles/kubernetes/standalone/base/tasks
parent: kubernetes: upgrade images for node-local-dns-cache (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/roles/kubernetes/standalone/base/tasks/tls.yml b/roles/kubernetes/standalone/base/tasks/tls.yml
index 39952267..5603f8ec 100644
--- a/roles/kubernetes/standalone/base/tasks/tls.yml
+++ b/roles/kubernetes/standalone/base/tasks/tls.yml
@@ -68,7 +68,9 @@
   openssl_csr:
     path: /etc/ssl/standalone-kubelet/server/csr.pem
     privatekey_path: /etc/ssl/standalone-kubelet/server/key.pem
-    CN: "{{ inventory_hostname }}"
+    CN: "{{ kubernetes_standalone_address | default('127.0.0.1') }}"
+    subject_alt_name:
+    - "IP:{{ kubernetes_standalone_address | default('127.0.0.1') }}"
     key_usage:
     - digitalSignature
     key_usage_critical: yes
author	Christian Pointner <equinox@spreadspace.org>	2024-04-20 15:29:08 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2024-04-20 15:29:08 +0200
commit	0c587ebf966307446b3e7a9094cd6c44bbca89e2 (patch)
tree	eee43ea586441ae00508d054bcae369b3e3c57b4 /roles/kubernetes/standalone/base/tasks
parent	kubernetes: upgrade images for node-local-dns-cache (diff)