Sometime my api-server need be accessed from private and public network and I don’t want to use “insecure-skip-tls-verify: true” this is my config.yaml
...
...
...
---
apiServer:
timeoutForControlPlane: 4m0s
certSANs:
- "61.x.y.z"
- "api1.home.net"
apiVersion: kubeadm.k8s.io/v1beta2
...
...
...
verify:
openssl s_client -connect 192.168.0.24:6443 2>&1 | openssl x509 -text | grep -A2 "Subject Alternative Name"
X509v3 Subject Alternative Name:
DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:api1.home.net, DNS:jbk8s-0001, IP Address:192.96.0.1, IP Address:192.168.0.24, IP Address:61.x.y.z
Done