From f3d0574dfd0a0fc67df1389ae490e4553ca3ccde Mon Sep 17 00:00:00 2001
From: Foivos Filippopoulos <ffilippopoulos@utilitywarehouse.co.uk>
Date: Mon, 7 Oct 2019 11:18:35 +0100
Subject: [PATCH] Revert etcd workaround deletion

---
 etcd.tf | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/etcd.tf b/etcd.tf
index 9adc212..4f7e5ba 100644
--- a/etcd.tf
+++ b/etcd.tf
@@ -8,15 +8,19 @@ data "template_file" "etcd-cfssl-new-cert" {
   template = file("${path.module}/resources/cfssl-new-cert.sh")
 
   vars = {
-    cert_name   = "node"
-    user        = "etcd"
-    group       = "etcd"
-    profile     = "client-server"
-    path        = "/etc/etcd/ssl"
-    cn          = "${count.index}.etcd.${var.dns_domain}"
-    org         = ""
-    get_ip      = var.get_ip_command[var.cloud_provider]
-    extra_names = ""
+    cert_name = "node"
+    user      = "etcd"
+    group     = "etcd"
+    profile   = "client-server"
+    path      = "/etc/etcd/ssl"
+    cn        = "${count.index}.etcd.${var.dns_domain}"
+    org       = ""
+    get_ip    = var.get_ip_command[var.cloud_provider]
+    # workaround for https://github.com/kubernetes/kubernetes/issues/72102
+    # include first member's ip in SAN for all nodes
+    # this replicates kubeadm behaviour to include first node's ip, as kubeadm
+    # generates all certificates on the first node
+    extra_names = join(",", ["etcd.${var.dns_domain}", var.etcd_addresses[0]])
   }
 }