Add customer-specified certificates for kubernetes
We need the ability to update the Kubernetes ApiServer RootCA at
ansible-bootstrap-time. This includes the ability of being able to
specify the apiServerCertSANs such that user can specify additional
DNS:<FQDN> and/or IP Records for the auto-generated
apiServerCertificate.
This adds support for storing the apiServerCertSANs in the sysinv
database and modifies the puppet manifest to support user supplied SAN
records.
Partial-Bug: 1837079
Change-Id: I4d23828b31ced55d55b1c6932d0cfd6b59727288
Signed-off-by: David Sullivan <email address hidden>
Reviewed: https:/ /review. opendev. org/671559 /git.openstack. org/cgit/ starlingx/ config/ commit/ ?id=e6aec4890dd d162cb0b415e213 c593d798151841
Committed: https:/
Submitter: Zuul
Branch: master
commit e6aec4890ddd162 cb0b415e213c593 d798151841
Author: David Sullivan <email address hidden>
Date: Tue Jul 16 16:21:28 2019 -0400
Add customer-specified certificates for kubernetes
We need the ability to update the Kubernetes ApiServer RootCA at bootstrap- time. This includes the ability of being able to rtificate.
ansible-
specify the apiServerCertSANs such that user can specify additional
DNS:<FQDN> and/or IP Records for the auto-generated
apiServerCe
This adds support for storing the apiServerCertSANs in the sysinv
database and modifies the puppet manifest to support user supplied SAN
records.
Partial-Bug: 1837079 5d55b1c6932d0cf d6b59727288
Change-Id: I4d23828b31ced5
Signed-off-by: David Sullivan <email address hidden>