From aeb0068547834d02d5b104f25fc6913be07d628c Mon Sep 17 00:00:00 2001
From: Robert Bailey <robertbailey@google.com>
Date: Mon, 8 Jun 2015 14:00:01 -0700
Subject: [PATCH] Add 'kubernetes' (the service name) and the master name as
 SANs on the master's certificate.

---
 cluster/gce/util.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cluster/gce/util.sh b/cluster/gce/util.sh
index 5ebe3546151..54de81ee9bb 100755
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@@ -541,7 +541,7 @@ function create-certs {
     cd easy-rsa-master/easyrsa3
     ./easyrsa init-pki > /dev/null 2>&1
     ./easyrsa --batch "--req-cn=${cert_ip}@$(date +%s)" build-ca nopass > /dev/null 2>&1
-    ./easyrsa --subject-alt-name=IP:"${cert_ip}" build-server-full "${MASTER_NAME}" nopass > /dev/null 2>&1
+    ./easyrsa --subject-alt-name=IP:"${cert_ip}",DNS:kubernetes,DNS:"${MASTER_NAME}" build-server-full "${MASTER_NAME}" nopass > /dev/null 2>&1
     ./easyrsa build-client-full kubelet nopass > /dev/null 2>&1
     ./easyrsa build-client-full kubecfg nopass > /dev/null 2>&1) || {
     # If there was an error in the subshell, just die.