2015-12-11 18:32:13 +08:00
|
|
|
[req]
|
|
|
|
req_extensions = v3_req
|
|
|
|
distinguished_name = req_distinguished_name
|
|
|
|
[req_distinguished_name]
|
|
|
|
[ v3_req ]
|
|
|
|
basicConstraints = CA:FALSE
|
|
|
|
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
|
|
|
|
subjectAltName = @alt_names
|
|
|
|
[alt_names]
|
|
|
|
DNS.1 = kubernetes
|
|
|
|
DNS.2 = kubernetes.default
|
2016-04-01 18:40:01 +08:00
|
|
|
DNS.3 = kubernetes.default.svc
|
|
|
|
DNS.4 = kubernetes.default.svc.{{ dns_domain }}
|
2016-09-28 19:05:08 +08:00
|
|
|
DNS.5 = localhost
|
2016-09-27 01:14:19 +08:00
|
|
|
{% for host in groups['kube-master'] %}
|
2016-09-28 19:05:08 +08:00
|
|
|
DNS.{{ 5 + loop.index }} = {{ host }}
|
2016-09-27 01:14:19 +08:00
|
|
|
{% endfor %}
|
2017-11-24 00:15:48 +08:00
|
|
|
{% if loadbalancer_apiserver is defined %}
|
2017-02-16 05:13:52 +08:00
|
|
|
{% set idx = groups['kube-master'] | length | int + 5 + 1 %}
|
2016-09-28 19:05:08 +08:00
|
|
|
DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
|
2015-12-15 23:51:55 +08:00
|
|
|
{% endif %}
|
2015-12-11 18:32:13 +08:00
|
|
|
{% for host in groups['kube-master'] %}
|
2016-01-27 04:41:42 +08:00
|
|
|
IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
|
|
|
|
IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
|
2015-12-11 18:32:13 +08:00
|
|
|
{% endfor %}
|
2016-01-27 04:41:42 +08:00
|
|
|
{% set idx = groups['kube-master'] | length | int * 2 + 1 %}
|
2016-09-28 19:05:08 +08:00
|
|
|
IP.{{ idx }} = {{ kube_apiserver_ip }}
|
2018-01-31 00:33:00 +08:00
|
|
|
{% if loadbalancer_apiserver is defined %}
|
|
|
|
IP.{{ idx + 1 }} = {{ loadbalancer_apiserver.address }}
|
|
|
|
{% endif %}
|
2016-09-28 19:05:08 +08:00
|
|
|
IP.{{ idx + 1 }} = 127.0.0.1
|
2017-10-17 18:06:07 +08:00
|
|
|
{% if supplementary_addresses_in_ssl_keys is defined %}
|
|
|
|
{% set is = idx + 1 %}
|
|
|
|
{% for addr in supplementary_addresses_in_ssl_keys %}
|
|
|
|
IP.{{ is + loop.index }} = {{ addr }}
|
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|