Remove SAN from etcd peer cert

The mTLS validation fails if the SAN doesn't have IP address in it. Github Issue here: etcd-io/etcd#8534 [#154472172] Signed-off-by: Greg Patricio <[email protected]>
cloudfoundry-incubator · Jan 29, 2018 · 76fbb6d · 76fbb6d
1 parent 19929f8
commit 76fbb6d
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/manifests/cfcr.yml b/manifests/cfcr.yml
@@ -238,10 +238,9 @@ variables:
   type: certificate
   options:
     ca: kubo_ca
-    common_name: etcd.cfcr.internal
+    common_name: "*.etcd.cfcr.internal"
     alternative_names:
     - etcd.cfcr.internal
-    - "*.etcd.cfcr.internal"
 
 - name: tls-etcd-client
   type: certificate
@@ -253,9 +252,7 @@ variables:
   type: certificate
   options:
     ca: kubo_ca
-    common_name: etcd.cfcr.internal
-    alternative_names:
-    - "*.etcd.cfcr.internal"
+    common_name: "*.etcd.cfcr.internal"
 
 - name: tls-heapster
   type: certificate