kubernetes: fix certificate generation

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
author: Sascha Grunert <sgrunert@suse.com> 2020-08-31 13:07:58 +0200
committer: Sascha Grunert <sgrunert@suse.com> 2020-09-10 13:07:32 +0200
commit: 35f7a3347c3844dc2f41d66a6fb898d9d45d15b9 (patch)
tree: 47721fbb96e326d7cd3e5f1e269d11ebb865cea6 /nixos/modules/services/cluster/kubernetes/pki.nix
parent: 9210c8e8ed1cc33931bac44eb89d62a78f7e4a67 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 4275563f1a3..933ae481e96 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -20,7 +20,7 @@ let
         size = 2048;
     };
     CN = top.masterAddress;
-    hosts = cfg.cfsslAPIExtraSANs;
+    hosts = [top.masterAddress] ++ cfg.cfsslAPIExtraSANs;
   });
 
   cfsslAPITokenBaseName = "apitoken.secret";
@@ -228,7 +228,8 @@ in
             };
             private_key = cert.privateKeyOptions;
             request = {
-              inherit (cert) CN hosts;
+              hosts = [cert.CN] ++ cert.hosts;
+              inherit (cert) CN;
               key = {
                 algo = "rsa";
                 size = 2048;
author	Sascha Grunert <sgrunert@suse.com>	2020-08-31 13:07:58 +0200
committer	Sascha Grunert <sgrunert@suse.com>	2020-09-10 13:07:32 +0200
commit	35f7a3347c3844dc2f41d66a6fb898d9d45d15b9 (patch)
tree	47721fbb96e326d7cd3e5f1e269d11ebb865cea6 /nixos/modules/services/cluster/kubernetes/pki.nix
parent	9210c8e8ed1cc33931bac44eb89d62a78f7e4a67 (diff)