fix: certs error when run 'kubectl exec' or 'kubectl logs'

example/hosts.allinone

@@ -6,7 +6,7 @@
 # CAUTION: 'k8s_nodename' must consist of lower case alphanumeric characters, '-' or '.',
 # and must start and end with an alphanumeric character
 [kube_master]
-192.168.1.1 k8s_nodename=''
+192.168.1.1
 
 # work node(s), set unique 'k8s_nodename' for each node
 # CAUTION: 'k8s_nodename' must consist of lower case alphanumeric characters, '-' or '.',

roles/kube-node/tasks/main.yml

@@ -74,6 +74,18 @@
   shell: systemctl daemon-reload && systemctl restart kube-proxy
   tags: reload-kube-proxy, upgrade_k8s, restart_node, force_change_certs
 
+# 设置k8s_nodename 在/etc/hosts 地址解析
+- name: 设置k8s_nodename 在/etc/hosts 地址解析
+  lineinfile:
+    dest: /etc/hosts
+    state: present
+    regexp: "{{ K8S_NODENAME }}"
+    line: "{{ inventory_hostname }}    {{ K8S_NODENAME }}"
+  delegate_to: "{{ item }}"
+  with_items: "{{ groups.kube_master }}"
+  when: "inventory_hostname != K8S_NODENAME"
+
+
 # 轮询等待kube-proxy启动完成
 - name: 轮询等待kube-proxy启动
   shell: "systemctl is-active kube-proxy.service"

roles/kube-node/templates/kubelet-csr.json.j2

@@ -2,7 +2,8 @@
   "CN": "system:node:{{ K8S_NODENAME }}",
   "hosts": [
     "127.0.0.1",
-    "{{ inventory_hostname }}"
+    "{{ inventory_hostname }}",
+    "{{ K8S_NODENAME }}"
   ],
   "key": {
     "algo": "rsa",