Merge pull request #64718 from liztio/kubeadm-downcase-fqdn

Automatic merge from submit-queue (batch tested with PRs 63322, 64718, 64708, 64775, 64777). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm lowercases all domain names passed as additional SANs **What this PR does / why we need it**: Some domains, like ELBs, output a domain name with uppercase letters. To accept these, we lowercase all arguments passed to ----apiserver-cert-extra-sans **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #[kubeadm/827](https://github.com/kubernetes/kubeadm/issues/827) ```release-note NONE ```
2025-08-01 07:47:56 +00:00 · 2018-06-05 14:31:09 -07:00 · 2018-06-05 14:31:09 -07:00 · 148458a6df
commit 148458a6df
parent 2bb6fdc675 db52cd4cdb
2 changed files with 62 additions and 0 deletions
--- a/cmd/kubeadm/app/util/config/masterconfig.go
+++ b/cmd/kubeadm/app/util/config/masterconfig.go
@ -20,6 +20,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net"
 	"strings"
 	"github.com/golang/glog"
@ -64,6 +65,9 @@ func SetInitDynamicDefaults(cfg *kubeadmapi.MasterConfiguration) error {
 		return err
 	}
 	// Downcase SANs. Some domain names (like ELBs) have capitals in them.
 	LowercaseSANs(cfg.APIServerCertSANs)
 	// Populate the .Token field with a random value if unset
 	// We do this at this layer, and not the API defaulting layer
 	// because of possible security concerns, and more practically
@ -215,3 +219,14 @@ func NormalizeKubernetesVersion(cfg *kubeadmapi.MasterConfiguration) error {
 	}
 	return nil
 }
 // LowercaseSANs can be used to force all SANs to be lowercase so it passes IsDNS1123Subdomain
 func LowercaseSANs(sans []string) {
 	for i, san := range sans {
 		lowercase := strings.ToLower(san)
 		if lowercase != san {
 			glog.V(1).Infof("lowercasing SAN %q to %q", san, lowercase)
 			sans[i] = lowercase
 		}
 	}
 }
--- a/cmd/kubeadm/app/util/config/masterconfig_test.go
+++ b/cmd/kubeadm/app/util/config/masterconfig_test.go
@ -176,3 +176,50 @@ func TestUpgrade(t *testing.T) {
 		t.Errorf("v1alpha1 object after unmarshal, conversion and marshal didn't match expected value.\n\tdiff: \n%s\n", diff(afterExpected, afterActual))
 	}
 }
 func TestLowercaseSANs(t *testing.T) {
 	tests := []struct {
 		name string
 		in   []string
 		out  []string
 	}{
 		{
 			name: "empty struct",
 		},
 		{
 			name: "already lowercase",
 			in:   []string{"example.k8s.io"},
 			out:  []string{"example.k8s.io"},
 		},
 		{
 			name: "ip addresses and uppercase",
 			in:   []string{"EXAMPLE.k8s.io", "10.100.0.1"},
 			out:  []string{"example.k8s.io", "10.100.0.1"},
 		},
 		{
 			name: "punycode and uppercase",
 			in:   []string{"xn--7gq663byk9a.xn--fiqz9s", "ANOTHEREXAMPLE.k8s.io"},
 			out:  []string{"xn--7gq663byk9a.xn--fiqz9s", "anotherexample.k8s.io"},
 		},
 	}
 	for _, test := range tests {
 		t.Run(test.name, func(t *testing.T) {
 			cfg := &v1alpha2.MasterConfiguration{
 				APIServerCertSANs: test.in,
 			}
 			LowercaseSANs(cfg.APIServerCertSANs)
 			if len(cfg.APIServerCertSANs) != len(test.out) {
 				t.Fatalf("expected %d elements, got %d", len(test.out), len(cfg.APIServerCertSANs))
 			}
 			for i, expected := range test.out {
 				if cfg.APIServerCertSANs[i] != expected {
 					t.Errorf("expected element %d to be %q, got %q", i, expected, cfg.APIServerCertSANs[i])
 				}
 			}
 		})
 	}
 }