forked from hswaw/hscloud
Sergiusz Bazanski
d186e9468d
In https://gerrit.hackerspace.pl/c/hscloud/+/70 we accidentally introduced a split-horizon DNS situation: - k0.hswaw.net from the Internet resolves to nodes running the k8s API servers, and as such can serve API server traffic - k0.hswaw.net from the cluster returned no results This broke prodvider in two ways: - it dialed the API servers at k0.hswaw.net - even after the endpoint was moved to kubernetes.default.svc.k0.hswaw.net, the apiserver cert didn't cover that Thus, not only we had to change the prodvider endpoint but also change the APIserver certs to cover this new name. I'm not sure this should be the target fix. I think at some point we should only start referring to in-cluster services via their full (or cluster.local) names, but right now k0.hswaw.net is an exception and as such a split, and we have no way to access the internal services from the outside just yet. However, getting prodvider to work is important enough that this fix is IMO good enough for now. Change-Id: I13d0681208c66f4060acecc78b7ae14b8f8d7125 |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| BUILD | ||
| ca.py | ||
| clustercfg.py | ||