diff --git a/conformance/v1.21/README.md b/conformance/v1.21/README.md
index d8a89a036..63e4f474e 100644
--- a/conformance/v1.21/README.md
+++ b/conformance/v1.21/README.md
@@ -48,7 +48,7 @@ syncer:
 - --disable-sync-resources=ingresses
 ```
-Now create the vcluster with the [vcluster cli](https://github.com/loft-sh/vcluster/releases) (at least version v0.3.1 or newer):
+Now create the vcluster with the [vcluster cli](https://github.com/loft-sh/vcluster/releases) (at least version v0.3.2 or newer):
 ```
 # Create the vcluster
 vcluster create vcluster -n vcluster -f values.yaml
diff --git a/devspace.yaml b/devspace.yaml
index 843ab2047..605564f8b 100644
--- a/devspace.yaml
+++ b/devspace.yaml
@@ -3,7 +3,7 @@ vars:
 - name: SYNCER_IMAGE
 value: ghcr.io/loft-sh/loft-enterprise/dev-vcluster
 - name: K3S_IMAGE
- value: rancher/k3s:v1.20.5-k3s1
+ value: rancher/k3s:v1.21.2-k3s1
 # Replace this with your clusters service CIDR, you can find it out via
 # kubectl apply -f hack/wrong-cluster-ip-service.yaml
 - name: SERVICE_CIDR
diff --git a/pkg/server/cert/cert.go b/pkg/server/cert/cert.go
index 23e9c8555..b1227fe97 100644
--- a/pkg/server/cert/cert.go
+++ b/pkg/server/cert/cert.go
@@ -10,12 +10,12 @@ import (
 "os"
 )
-func GenServingCerts(caCertFile, caKeyFile, certFile, keyFile string, SANs []string) (bool, error) {
+func GenServingCerts(caCertFile, caKeyFile, certFile, keyFile, clusterDomain string, SANs []string) (bool, error) {
 regen := false
 commonName := "kube-apiserver"
 extKeyUsage := []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
 altNames := &certhelper.AltNames{
- DNSNames: []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes", "localhost"},
+ DNSNames: []string{"kubernetes.default.svc." + clusterDomain, "kubernetes.default.svc", "kubernetes.default", "kubernetes", "localhost"},
 IPs: []net.IP{net.ParseIP("127.0.0.1")},
 }
diff --git a/pkg/server/cert/syncer.go b/pkg/server/cert/syncer.go
index d58faf2fb..de6b47e1f 100644
--- a/pkg/server/cert/syncer.go
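Review bot: An empty `clusterDomain` turns the first entry of `DNSNames` in `GenServingCerts` into the literal `kubernetes.default.svc.` with a trailing dot, because the value is concatenated without any check. Nothing visible in this commit validates it either; `NewSyncer` in syncer.go copies `ctx.Options.ClusterDomain` through unchanged, so the SAN list of the API server's serving certificate now depends on an unchecked option. I would keep the fixed names in the literal and add the qualified one only when the domain is set: `if clusterDomain != "" { altNames.DNSNames = append(altNames.DNSNames, "kubernetes.default.svc."+clusterDomain) }`. The body of `GenServingCerts` continues past the hunk, so whether `regen` is later set when a stored certificate lacks the new name cannot be seen here.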
+++ b/pkg/server/cert/syncer.go
@@ -34,6 +34,8 @@ type Syncer interface {
 func NewSyncer(ctx *ctrlcontext.ControllerContext) Syncer {
 return &syncer{
+ clusterDomain: ctx.Options.ClusterDomain,
+
 serverCaKey: ctx.Options.ServerCaKey,
 serverCaCert: ctx.Options.ServerCaCert,
@@ -47,6 +49,8 @@ func NewSyncer(ctx *ctrlcontext.ControllerContext) Syncer {
 }
 type syncer struct {
+ clusterDomain string
+
 serverCaCert string
 serverCaKey string
@@ -158,7 +162,7 @@ func (s *syncer) regen(extraSANs []string) error {
 klog.Infof("Generating serving cert for service ips: %v", extraSANs)
 tlsCert := filepath.Join(certPath, "serving-tls.crt")
 tlsKey := filepath.Join(certPath, "serving-tls.key")
- _, err = GenServingCerts(s.serverCaCert, s.serverCaKey, tlsCert, tlsKey, extraSANs)
+ _, err = GenServingCerts(s.serverCaCert, s.serverCaKey, tlsCert, tlsKey, s.clusterDomain, extraSANs)
 if err != nil {
 return err
 }
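Review bot: The log line in `regen` still prints only `extraSANs`, so the record of an issued serving certificate no longer lists every name that goes into it now that `s.clusterDomain` contributes one. Logging the domain alongside keeps issuance auditable: `klog.Infof("Generating serving cert for service ips: %v, cluster domain: %q", extraSANs, s.clusterDomain)`. The code that decides when `regen` runs is outside this hunk; if that decision compares only the service IPs, an upgraded cluster with an existing certificate would presumably keep serving one without the `kubernetes.default.svc.<domain>` name until some other SAN changes, which is worth confirming. `regen` itself starts and ends outside the hunk.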