Comment 0 for bug 1751027

Jack Ivanov (gunph1ld) wrote :

Hello,

I faced this issue while provisioning a k8s cluster.

In the case of provisioning a k8s cluster only in a private network without floating IPs, it appears impossible to generate the certificates because of a bug in make-cert.sh:
https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh#L33-L35

public-ipv4 is not available in the metadata if no floating IP is attached. As a result, the openssl command failed because of the empty value for an IP statement in the subjectAltName:

+ openssl req -new -days 1000 -key /etc/kubernetes/certs/server.key -out /etc/kubernetes/certs/server.csr -reqexts req_ext -config /etc/kubernetes/certs/server.conf
Error Loading request extension section req_ext
139869997266808:error:2206D06D:X509 V3 routines:X509V3_parse_list:invalid null value:v3_utl.c:336:
139869997266808:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:140:name=subjectAltName,section=IP:,IP:10.10.10.16,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local
139869997266808:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=IP:,IP:10.10.10.16,IP:127.0.0.1,IP:10.254.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster.local

We should add a condition for this statement.
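
The condition the report asks for, sketched as an added example that is not part of the original comment and not Magnum's own code: the hypothetical helper `build_san` drops any subjectAltName entry whose value is empty, which is the state of the public-ipv4 entry when no floating IP is attached. The sample addresses and DNS names are the ones in the error output above; the function and variable names are assumptions.

```shell
#!/bin/sh
# Added example. build_san and demo_san are hypothetical helpers,
# not functions from make-cert.sh.

# Usage: build_san "IP:<addr>" ... "DNS:<name>" ...
# Prints a comma-separated subjectAltName value. Entries with an empty or
# whitespace-only value (for example "IP:") are skipped, so openssl never
# sees the null list item that triggers "invalid null value".
# Returns 1 if nothing usable remains.
build_san() {
    san=""
    for entry in "$@"; do
        # Require the "<kind>:<value>" shape.
        case "$entry" in
            *:*) ;;
            *) continue ;;
        esac
        kind="${entry%%:*}"
        # Strip stray whitespace that a metadata lookup may return.
        value="$(printf '%s' "${entry#*:}" | tr -d '[:space:]')"
        case "$kind" in
            IP|DNS) ;;
            *) continue ;;
        esac
        [ -n "$value" ] || continue
        san="${san:+$san,}${kind}:${value}"
    done
    [ -n "$san" ] || return 1
    printf '%s\n' "$san"
}

# Constructed input reproducing the report: no floating IP, so the
# public address lookup yields an empty string.
demo_san() {
    public_ip=""
    private_ip="10.10.10.16"
    build_san "IP:${public_ip}" "IP:${private_ip}" "IP:127.0.0.1" \
        "IP:10.254.0.1" "DNS:kubernetes" "DNS:kubernetes.default" \
        "DNS:kubernetes.default.svc" \
        "DNS:kubernetes.default.svc.cluster.local"
}
```

The non-zero return on an empty result lets a caller stop before writing a certificate request with no subjectAltName at all.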