From 411510cbe68de3101ae47431f546f951db9e4bf1 Mon Sep 17 00:00:00 2001
From: jeanfabrice <github@bobo-rousselin.com>
Date: Fri, 21 Aug 2020 11:03:39 +0200
Subject: [PATCH] Use proper openssl command to differentiate between host and
 ip in API certificate check (#6392)

* Use proper openssl command to differentiate between host and ip in current certificate check

* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
---
 roles/kubernetes/master/tasks/kubeadm-setup.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index bf43a080c..d37cfd361 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -112,7 +112,7 @@
     - kubeadm_already_run.stat.exists
 
 - name: kubeadm | Check if apiserver.crt contains all needed SANs
-  command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -checkip "{{ item }}"
+  command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -check{{ item|ipaddr|ternary('ip','host') }} "{{ item }}"
   with_items: "{{ apiserver_sans }}"
   register: apiserver_sans_check
   changed_when: "'does match certificate' not in apiserver_sans_check.stdout"