Merge "Fix k8s node addresses in k8s certs"

commit: d22730e2c7e6691ec1d9ad928fa2226caa278b2e [log] [tgz]
author: mcp-jenkins <mcp-jenkins@mirantis.com> Tue Dec 04 17:04:17 2018 +0000
committer: Gerrit Code Review <mail@domain.com> Tue Dec 04 17:04:17 2018 +0000
tree: a5b08d567957cedeea418c96f9b531f8ccdb3ad2
parent: a3f8a380f3b18b5aab12f0ec5d17cb74cece6d6b [diff]
parent: 388f4f0dc9dafbcab4928bfd53e2c2da921153df [diff]
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index be262b5..5f065d5 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml

@@ -11,7 +11,7 @@
           common_name: system:node:${linux:system:name}
           organization_name: system:nodes
           signing_policy: cert_client
-          alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
         k8s_proxy:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
@@ -20,7 +20,7 @@
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-proxy
           signing_policy: cert_client
-          alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
         k8s_scheduler:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
@@ -29,7 +29,7 @@
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-scheduler
           signing_policy: cert_client
-          alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
         k8s_controller_manager:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
@@ -38,4 +38,4 @@
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-controller-manager
           signing_policy: cert_client
-          alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}

diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index e9c7d79..a4302a3 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml

@@ -11,7 +11,7 @@
           common_name: system:node:${linux:system:name}
           organization_name: system:nodes
           signing_policy: cert_client
-          alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
         k8s_proxy:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
@@ -20,7 +20,7 @@
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-proxy
           signing_policy: cert_client
-          alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
         k8s_scheduler:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
@@ -29,7 +29,7 @@
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-scheduler
           signing_policy: cert_client
-          alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
         k8s_controller_manager:
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
@@ -38,4 +38,4 @@
           ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
           common_name: system:kube-controller-manager
           signing_policy: cert_client
-          alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}

diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
index 603d369..025f3ae 100644
--- a/salt/minion/cert/k8s_server.yml
+++ b/salt/minion/cert/k8s_server.yml

@@ -10,4 +10,4 @@
           cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
           all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
           signing_policy: cert_server
-          alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc

diff --git a/salt/minion/cert/k8s_server_single.yml b/salt/minion/cert/k8s_server_single.yml
index 33637e4..2cc5caa 100644
--- a/salt/minion/cert/k8s_server_single.yml
+++ b/salt/minion/cert/k8s_server_single.yml

@@ -10,4 +10,4 @@
           cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
           all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
           signing_policy: cert_server
-          alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+          alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
commit	d22730e2c7e6691ec1d9ad928fa2226caa278b2e	[log] [tgz]
author	mcp-jenkins <mcp-jenkins@mirantis.com>	Tue Dec 04 17:04:17 2018 +0000
committer	Gerrit Code Review <mail@domain.com>	Tue Dec 04 17:04:17 2018 +0000
tree	a5b08d567957cedeea418c96f9b531f8ccdb3ad2
parent	a3f8a380f3b18b5aab12f0ec5d17cb74cece6d6b [diff]
parent	388f4f0dc9dafbcab4928bfd53e2c2da921153df [diff]