Page MenuHomePhabricator

Figure out how to deal with SSL cert issues for kubernetes masters
Closed, ResolvedPublic


Problem: Kubernetes master use ssl, with puppet certs. The name it has is the fqdn, so


  1. Kubernetes things should use service / DNS names to access this, so it ends up being kubernetes.default.svc rather than tools-k8s-master-01
  2. It requires that we put our CA cert inside all containers, which sucks.
  3. Lots of tools (like kube2sky) won't operate without TLS.

Event Timeline

yuvipanda claimed this task.
yuvipanda raised the priority of this task from to Needs Triage.
yuvipanda updated the task description. (Show Details)
yuvipanda added a project: Cloud-Services.
yuvipanda added subscribers: yuvipanda, Joe.
chasemp subscribed.

I should just setup SANs for the kubernetes domains into the certificate used by the k8s master.

Change 267826 had a related patch set uploaded (by Yuvipanda):
base: Allow adding SANs to puppet CSRs

Change 267826 merged by Yuvipanda:
base: Allow adding SANs to puppet CSRs