kubernetes-sigs
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use proper openssl command to differentiate between host and ip in API certificate check (#6392) 

* Use proper openssl command to differentiate between host and ip in current certificate check

* fixup! Use proper openssl command to differentiate between host and ip in current certificate check
pull/6574/head
jeanfabrice 2020-08-21 11:03:39 +02:00 committed by GitHub
parent 6e2b8a5750
commit 411510cbe6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/kubernetes/master/tasks/kubeadm-setup.yml
View File

@ -112,7 +112,7 @@
- kubeadm_already_run.stat.exists - kubeadm_already_run.stat.exists
- name: kubeadm | Check if apiserver.crt contains all needed SANs - name: kubeadm | Check if apiserver.crt contains all needed SANs
command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -checkip "{{ item }}" command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -check{{ item|ipaddr|ternary('ip','host') }} "{{ item }}"
with_items: "{{ apiserver_sans }}" with_items: "{{ apiserver_sans }}"
register: apiserver_sans_check register: apiserver_sans_check
changed_when: "'does match certificate' not in apiserver_sans_check.stdout" changed_when: "'does match certificate' not in apiserver_sans_check.stdout"