Fix tls-san handling in rke2 config #96

Merged
merged 1 commit into from
Nov 28, 2023

ghsbhatia
Contributor

This pull request addresses the following issue:

#93

The fix has been tested on Ubuntu 20.04 for the following scenarios:

A) tls-san is present in rke2-config parameter

# Server Configuration
write-kubeconfig-mode: "0644"
tls-san:
  - k8s.foobar.com
node-label:
  - "name=server"
  - "os=ubuntu"
kube-controller-manager-arg:
  - "bind-address=0.0.0.0"
kube-scheduler-arg:
  - "bind-address=0.0.0.0"
node-taint:
  - "CriticalAddonsOnly=true:NoExecute"

The generated /etc/rancher/rke2/config.yaml is:

# Additional user defined configuration
# Server Configuration
write-kubeconfig-mode: "0644"
tls-san:
  - foobar-rke2-wkd-rke2-cp-808cf9ad440d5fe8.elb.us-east-1.amazonaws.com
  - k8s.foobar.com
node-label:
  - "name=server"
  - "os=ubuntu"
kube-controller-manager-arg:
  - "bind-address=0.0.0.0"
kube-scheduler-arg:
  - "bind-address=0.0.0.0"
node-taint:
  - "CriticalAddonsOnly=true:NoExecute"
token: HeHFQYLVfVykWWvrHzD3bqrkyUOVG726TpqwIXNG
cloud-provider-name: "aws"

B) tls-san is not specified in rke2-config parameter

# Server Configuration
write-kubeconfig-mode: "0644"
node-label:
  - "name=server"
  - "os=ubuntu"
kube-controller-manager-arg:
  - "bind-address=0.0.0.0"
kube-scheduler-arg:
  - "bind-address=0.0.0.0"
node-taint:
  - "CriticalAddonsOnly=true:NoExecute"

The generated /etc/rancher/rke2/config.yaml is:

# Additional user defined configuration
# Server Configuration
write-kubeconfig-mode: "0644"
node-label:
  - "name=server"
  - "os=ubuntu"
kube-controller-manager-arg:
  - "bind-address=0.0.0.0"
kube-scheduler-arg:
  - "bind-address=0.0.0.0"
node-taint:
  - "CriticalAddonsOnly=true:NoExecute"
token: HeHFQYLVfVykWWvrHzD9bqrkyUOVH726TpqwIXNG
cloud-provider-name: "aws"
tls-san:
 - foobar-rke2-ut1-rke2-cp-ffa416fcd96b7f24.elb.us-gov-west-1.amazonaws.com
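
The two scenarios above, as an added example that is not part of this pull request or the project's code: a shell function that merges a generated load-balancer name into a user-supplied config fragment, inserting it into an existing `tls-san` list or appending the key when it is absent. The function name `merge_tls_san` and the hostnames are hypothetical, and the config is assumed to use a top-level block-style list.

```shell
#!/bin/sh
# Added example: merge a generated SAN into an rke2 config fragment.
# merge_tls_san SAN  (config on stdin, merged config on stdout)
# Assumes tls-san, when present, is a top-level block-style list.
merge_tls_san() {
  awk -v san="$1" '
    # Block-style key: keep it and put the generated name first.
    /^tls-san:[ \t]*$/ {
      print
      print "  - " san
      found = 1; in_list = 1
      next
    }
    # Inline form (tls-san: [a, b]) is not handled: fail instead of
    # emitting a second tls-san key.
    /^tls-san:/ { bad = 1; exit 2 }
    # List entries: drop one equal to the generated name, keep the rest.
    in_list && /^[ \t]*-[ \t]/ {
      item = $0
      sub(/^[ \t]*-[ \t]*/, "", item)
      sub(/[ \t]+$/, "", item)
      gsub(/"/, "", item)
      if (item != san) print
      next
    }
    # Any other line ends the list.
    { in_list = 0; print }
    # No tls-san key seen: append one.
    END {
      if (!bad && !found) { print "tls-san:"; print "  - " san }
    }
  '
}

# Constructed sample input (hypothetical hostnames).
demo() {
  printf '%s\n' 'write-kubeconfig-mode: "0644"' 'tls-san:' \
    '  - k8s.example.test' 'node-label:' '  - "name=server"' |
    merge_tls_san cp-lb.example.test
}
demo
```

A non-zero exit status means the fragment used the inline list form and the partial output should be discarded.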

fix tls-san handling in rke2 config
@adamacosta adamacosta self-requested a review November 27, 2023 17:22
@adamacosta adamacosta self-assigned this Nov 27, 2023
Collaborator

@adamacosta adamacosta left a comment

Deployed with a tls-san set and without. Both worked, handled correctly.

@adamacosta adamacosta merged commit 4206e41 into rancherfederal:master Nov 28, 2023
1 check passed