From a5b012e690935f58b2711aea0defa8f7159e8b42 Mon Sep 17 00:00:00 2001
From: gjmzj <jmgaozz@hotmail.com>
Date: Mon, 6 Feb 2023 19:32:19 +0800
Subject: [PATCH] fix: certs error when run 'kubectl exec' or 'kubectl logs'

---
 example/hosts.allinone                        |  2 +-
 roles/kube-node/tasks/main.yml                | 12 ++++++++++++
 roles/kube-node/templates/kubelet-csr.json.j2 |  3 ++-
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/example/hosts.allinone b/example/hosts.allinone
index 883a96c..c570077 100644
--- a/example/hosts.allinone
+++ b/example/hosts.allinone
@@ -6,7 +6,7 @@
 # CAUTION: 'k8s_nodename' must consist of lower case alphanumeric characters, '-' or '.',
 # and must start and end with an alphanumeric character
 [kube_master]
-192.168.1.1 k8s_nodename=''
+192.168.1.1
 
 # work node(s), set unique 'k8s_nodename' for each node
 # CAUTION: 'k8s_nodename' must consist of lower case alphanumeric characters, '-' or '.',
diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml
index 52a0ce6..b171ebc 100644
--- a/roles/kube-node/tasks/main.yml
+++ b/roles/kube-node/tasks/main.yml
@@ -74,6 +74,18 @@
   shell: systemctl daemon-reload && systemctl restart kube-proxy
   tags: reload-kube-proxy, upgrade_k8s, restart_node, force_change_certs
 
+# 设置k8s_nodename 在/etc/hosts 地址解析
+- name: 设置k8s_nodename 在/etc/hosts 地址解析
+  lineinfile:
+    dest: /etc/hosts
+    state: present
+    regexp: "{{ K8S_NODENAME }}"
+    line: "{{ inventory_hostname }}    {{ K8S_NODENAME }}"
+  delegate_to: "{{ item }}"
+  with_items: "{{ groups.kube_master }}"
+  when: "inventory_hostname != K8S_NODENAME"
+
+
 # 轮询等待kube-proxy启动完成
 - name: 轮询等待kube-proxy启动
   shell: "systemctl is-active kube-proxy.service"
diff --git a/roles/kube-node/templates/kubelet-csr.json.j2 b/roles/kube-node/templates/kubelet-csr.json.j2
index d4ac95a..558e2c8 100644
--- a/roles/kube-node/templates/kubelet-csr.json.j2
+++ b/roles/kube-node/templates/kubelet-csr.json.j2
@@ -2,7 +2,8 @@
   "CN": "system:node:{{ K8S_NODENAME }}",
   "hosts": [
     "127.0.0.1",
-    "{{ inventory_hostname }}"
+    "{{ inventory_hostname }}",
+    "{{ K8S_NODENAME }}"
   ],
   "key": {
     "algo": "rsa",