Use only one certificate for all apiservers

https://github.com/kubernetes/kubernetes/issues/25063
2026-03-09 11:47:47 +03:00 · 2017-01-13 14:03:20 +03:00
parent e88c10670e
commit 80703010bd
4 changed files with 17 additions and 14 deletions
--- a/roles/kubernetes/secrets/tasks/gen_certs.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs.yml
@@ -39,14 +39,14 @@
                      {% for node in groups['kube-master'] %}
                      'admin-{{ node }}.pem',
                      'admin-{{ node }}-key.pem',
-                      'apiserver-{{ node }}.pem',
-                      'apiserver-{{ node }}-key.pem',
+                      'apiserver.pem',
+                      'apiserver-key.pem',
                      {% endfor %}]"
    my_master_certs: ['ca-key.pem',
                     'admin-{{ inventory_hostname }}.pem',
                     'admin-{{ inventory_hostname }}-key.pem',
-                     'apiserver-{{ inventory_hostname }}.pem',
-                     'apiserver-{{ inventory_hostname }}-key.pem'
+                     'apiserver.pem',
+                     'apiserver-key.pem'
                     ]
    all_node_certs: "['ca.pem',
                    {% for node in groups['k8s-cluster'] %}