Comments (8)
Submitted a PR #433 -- Looking for feedback from you guys. Thanks!
from rke.
With version 0.2.2 it seems that the extra SANs are no longer added.
cluster.yml:
```yaml
authentication:
  strategy: x509
  sans:
  - "207.154.234.236"
```
```
openssl x509 -in kube-apiserver.pem -text -noout
DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:192.168.12.10, IP Address:192.168.12.11, IP Address:192.168.12.16, IP Address:127.0.0.1, IP Address:10.43.0.1
```
from rke.
Currently we are using the host's address, internal address, and hostname as values for PKI alt names and IPs, but we don't allow for extra names or IPs at the moment. We will consider adding custom IPs and DNS names to the kube api certificate.
from rke.
@galal-hussein Hi guys, this feature will be useful. By default, we can't add more IPs to the kube api certificate, so when we connect to the apiserver with a load balancer IP, it can't work. We hope that this feature could be implemented as soon as possible, thank you!
from rke.
Another voice for requesting this ability/feature, we could use additional flags for hostnames or IPs to add to the kube api certificate so that we're able to use a load balancer for all master nodes.
from rke.
+1 to this. Would like to have master nodes load balanced and not exposed publicly. Would be best to be able to add SANs to configuration.
Maybe something like this?
authentication:
strategy: x509
controlplane_sans:
- my.loadbalancer.com
from rke.
I can confirm with latest master that extra SANs were added to the kubeapi certificate:
DNS:my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com, DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:159.65.47.98, IP Address:159.65.253.200, IP Address:167.99.61.54, IP Address:10.18.160.10, IP Address:127.0.0.1, IP Address:10.233.0.1
from rke.
With version 0.2.2 it seems that the extra SANs are no longer added.
cluster.yml:
```yaml
authentication:
  strategy: x509
  sans:
  - "207.154.234.236"
```
```
openssl x509 -in kube-apiserver.pem -text -noout
DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:192.168.12.10, IP Address:192.168.12.11, IP Address:192.168.12.16, IP Address:127.0.0.1, IP Address:10.43.0.1
```
I have the same issue
from rke.
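The check the commenters above ran by eye, as a script: it compares the SAN line printed by `openssl x509 -text` with the names and IPs listed under `sans` in `cluster.yml` and reports any that the certificate lacks. This is an added example, not code from the thread or from RKE; the function names `normalize_sans` and `missing_sans` are hypothetical, and the sample SAN line is copied from the 0.2.2 report above.

```shell
#!/usr/bin/env bash
# Added example (not RKE code): detect configured SANs that are absent
# from the kube-apiserver certificate.

# Sample input: the SAN line quoted in the 0.2.2 report in this thread.
SAN_LINE='DNS:localhost, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:192.168.12.10, IP Address:192.168.12.11, IP Address:192.168.12.16, IP Address:127.0.0.1, IP Address:10.43.0.1'

# normalize_sans LINE: print one bare, lower-cased SAN value per line.
normalize_sans() {
  printf '%s\n' "$1" | tr ',' '\n' | tr 'A-Z' 'a-z' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/^dns://' -e 's/^ip address://' -e '/^$/d'
}

# missing_sans LINE EXPECTED...: print every expected name or IP that the
# certificate does not carry; return 1 if at least one is missing.
missing_sans() {
  local present want lower rc=0
  present=$(normalize_sans "$1")
  shift
  for want in "$@"; do
    lower=$(printf '%s' "$want" | tr 'A-Z' 'a-z')
    # -F fixed string, -x whole line: "kubernetes" must not match
    # "kubernetes.default".
    if ! printf '%s\n' "$present" | grep -Fxq -- "$lower"; then
      printf '%s\n' "$want"
      rc=1
    fi
  done
  return "$rc"
}

# Demo on the sample: the load-balancer IP from cluster.yml is not present.
if ! missing=$(missing_sans "$SAN_LINE" "207.154.234.236" "kubernetes"); then
  echo "certificate is missing SANs: $missing"
fi

# Against a real file, take the SAN line from the command used above:
#   SAN_LINE=$(openssl x509 -in kube-apiserver.pem -text -noout |
#              grep -A1 'Subject Alternative Name' | tail -n 1)
```

Run after each `rke up` or certificate rotation, a non-zero exit means clients connecting through the load balancer address will fail TLS hostname verification.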