From e5c321f6af4a34a842c134169e351c9fe8ab0883 Mon Sep 17 00:00:00 2001
From: Andrei Kopats
Date: Wed, 17 Feb 2016 15:37:26 +0300
Subject: [PATCH] Add internal API-server IP to the list of certificate SANs

Without this kube2sky fails to comunicate to the API server because server TLS verification fails. DNS addon doesn't work on docker setups
---
 cluster/images/hyperkube/master-multi.json | 3 ++-
 cluster/images/hyperkube/master.json | 3 ++-
 cluster/images/hyperkube/setup-files.sh | 7 ++++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/cluster/images/hyperkube/master-multi.json b/cluster/images/hyperkube/master-multi.json
index d50aaef9d89..1e866bd52de 100644
--- a/cluster/images/hyperkube/master-multi.json
+++ b/cluster/images/hyperkube/master-multi.json
@@ -64,7 +64,8 @@
 "name": "setup",
 "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION",
 "command": [
- "/setup-files.sh"
+ "/setup-files.sh",
+ "IP:10.0.0.1"
 ],
 "volumeMounts": [
 {
diff --git a/cluster/images/hyperkube/master.json b/cluster/images/hyperkube/master.json
index e07106cf246..13dddf3984d 100644
--- a/cluster/images/hyperkube/master.json
+++ b/cluster/images/hyperkube/master.json
@@ -64,7 +64,8 @@
 "name": "setup",
 "image": "gcr.io/google_containers/hyperkube-ARCH:VERSION",
 "command": [
- "/setup-files.sh"
+ "/setup-files.sh",
+ "IP:10.0.0.1"
 ],
 "volumeMounts": [
 {
diff --git a/cluster/images/hyperkube/setup-files.sh b/cluster/images/hyperkube/setup-files.sh
index fefb18a5015..67dde33b554 100644
--- a/cluster/images/hyperkube/setup-files.sh
+++ b/cluster/images/hyperkube/setup-files.sh
@@ -23,6 +23,11 @@ set -o errexit
 set -o nounset
 set -o pipefail

+# Additional address of the API server to be added to the
+# list of Subject Alternative Names of the server TLS certificate
+# Should contain internal IP, i.e. IP:10.0.0.1 for 10.0.0.0/24 cluster IP range
+EXTRA_SANS=$1
+
 create_token() {
 echo $(cat /dev/urandom | base64 | tr -d "=+/" | dd bs=32 count=1 2> /dev/null)
 }
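Review bot: The `"IP:10.0.0.1"` argument added to the setup container's `command` in master-multi.json, and identically in master.json, hard-codes the first address of one particular service range; the comment this commit adds to setup-files.sh ties it to a 10.0.0.0/24 cluster IP range. If the API server in these manifests is started with a different range (its flags, e.g. `--service-cluster-ip-range`, are outside the hunk), the generated certificate will lack the in-cluster address and clients that verify the server certificate will fail again. JSON cannot carry a comment, so the coupling should be stated in the documentation that accompanies these manifests, or the SAN should be derived from the same setting as the service range instead of being repeated as a literal in two files.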
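Review bot: `EXTRA_SANS=$1` in setup-files.sh runs after `set -o nounset`, so invoking `/setup-files.sh` without an argument now aborts with an unbound-variable error before any certificate is created, whereas the old script took no arguments. Default the parameter instead, `EXTRA_SANS=${1:-}`, and have the comment say that the argument is optional. The comment's "i.e." should read "e.g.", since `IP:10.0.0.1` is an example for one range rather than the only valid value.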
@@ -32,7 +37,7 @@ echo "admin,admin,admin" > /data/basic_auth.csv

 # Create HTTPS certificates
 groupadd -f -r kube-cert-test
-CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -i)
+CERT_DIR=/data CERT_GROUP=kube-cert-test /make-ca-cert.sh $(hostname -i) ${EXTRA_SANS}

 # Create known tokens for service accounts
 echo "$(create_token),admin,admin" >> /data/known_tokens.csv
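Review bot: `${EXTRA_SANS}` on the new `/make-ca-cert.sh` line is expanded unquoted, so a value containing whitespace or glob characters is split or expanded into several arguments, and which of them reach the certificate depends on how make-ca-cert.sh reads its positional parameters (not visible here). Because this value decides which names and addresses the API server certificate is valid for, it should be passed as exactly one word: `/make-ca-cert.sh $(hostname -i) "${EXTRA_SANS}"`. If the argument is later made optional, confirm that make-ca-cert.sh accepts an empty second parameter.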