Open Friz-zy opened 1 year ago
convert storage.etcd.peerAddress into list of strings
hmm, etcd only accepts a single peer address per node as it's the address other members are supposed to communicate with it. Why would you need multiple SANs on that?
Is your feature request related to a problem? Please describe.
I have a problem with etcd certificates with a setup in docker swarm: in swarm a k0s container could have multiple IPs, like multiple container IPs and a service IP. Only the service IP is present in the DNS record which the docker resolver returns for a DNS lookup. ETCD gave me a bunch of errors about invalid server, peer or client certs, depending on my configuration attempts...
Describe the solution you would like
Currently only pki/server.crt and pki/k0s-api.crt contain multiple alternative names, coming from config and auto discovery: the Golang code that collects them is located here
In contrast to the api.sans config, storage.etcd.peerAddress allows me to set only one address or name, not multiple: config and code
So my suggestion is simple:
1) set a default list of alternative names, including the api.sans list, into all certificates, like it currently works for pki/server.crt and pki/k0s-api.crt
2) convert storage.etcd.peerAddress into a list of strings
List of certificates that require these changes:
Additional certs that could also be updated:
Describe alternatives you've considered
No response
Additional context
No response
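The certificate errors described in this issue can be reproduced with Go's standard library alone. The following is an added example, not code from the issue or from k0s: it issues one certificate with a single SAN and one with a SAN list, then checks which addresses a verifying TLS client would reject. The addresses are constructed, and `issueCert` and `rejected` are hypothetical helpers.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueCert self-signs a cert whose SANs are exactly sans (IP literals become IP SANs, the rest DNS SANs).
func issueCert(sans []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	for _, s := range sans {
		if ip := net.ParseIP(s); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, s)
		}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// rejected lists the addresses for which a verifying TLS client would refuse this cert.
func rejected(cert *x509.Certificate, addrs []string) []string {
	var bad []string
	for _, a := range addrs {
		if cert.VerifyHostname(a) != nil {
			bad = append(bad, a)
		}
	}
	return bad
}

func main() {
	addrs := []string{"10.0.1.2", "10.0.1.7", "k0s.example.internal"} // constructed: service IP, container IP, DNS name
	single, _ := issueCert(addrs[:1])                                 // one address, as with a single peerAddress
	multi, _ := issueCert(addrs)                                      // a list, as with api.sans
	fmt.Println("single SAN rejects:", rejected(single, addrs), "| SAN list rejects:", rejected(multi, addrs))
}
```
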