Kubernetes multiple SAN api-server

Jbn1233
Mar 11, 2021

--

Sometime my api-server need be accessed from private and public network and I don’t want to use “insecure-skip-tls-verify: true” this is my config.yaml

...
...
...
---
apiServer:
timeoutForControlPlane: 4m0s
certSANs:
- "61.x.y.z"
- "api1.home.net"
apiVersion: kubeadm.k8s.io/v1beta2
...
...
...

verify:

openssl s_client -connect  192.168.0.24:6443  2>&1 | openssl x509 -text  | grep -A2 "Subject Alternative Name" 
X509v3 Subject Alternative Name:
DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:api1.home.net, DNS:jbk8s-0001, IP Address:192.96.0.1, IP Address:192.168.0.24, IP Address:61.x.y.z

Done

--

--

Jbn1233
Jbn1233

Written by Jbn1233

Very short and simple notes for CKA/SRE and may not works on your environment | jbn1233@gmail.com | Bangkok, Thailand |

No responses yet