Revert etcd workaround deletion

utilitywarehouse · Oct 7, 2019 · f3d0574 · f3d0574
1 parent 69a1a2c
commit f3d0574
Showing 1 changed file with 13 additions and 9 deletions.
diff --git a/etcd.tf b/etcd.tf
@@ -8,15 +8,19 @@ data "template_file" "etcd-cfssl-new-cert" {
   template = file("${path.module}/resources/cfssl-new-cert.sh")
 
   vars = {
-    cert_name   = "node"
-    user        = "etcd"
-    group       = "etcd"
-    profile     = "client-server"
-    path        = "/etc/etcd/ssl"
-    cn          = "${count.index}.etcd.${var.dns_domain}"
-    org         = ""
-    get_ip      = var.get_ip_command[var.cloud_provider]
-    extra_names = ""
+    cert_name = "node"
+    user      = "etcd"
+    group     = "etcd"
+    profile   = "client-server"
+    path      = "/etc/etcd/ssl"
+    cn        = "${count.index}.etcd.${var.dns_domain}"
+    org       = ""
+    get_ip    = var.get_ip_command[var.cloud_provider]
+    # workaround for https://github.com/kubernetes/kubernetes/issues/72102
+    # include first member's ip in SAN for all nodes
+    # this replicates kubeadm behaviour to include first node's ip, as kubeadm
+    # generates all certificates on the first node
+    extra_names = join(",", ["etcd.${var.dns_domain}", var.etcd_addresses[0]])
   }
 }