m/n/kubernetes: factor out cluster domain

This removes the hardcoded Kubernetes cluster domain and pushes it out
to a single place at the root of the Kubernetes supervisor tree.
This will later be aligned with the cluster domain specified in the
identity design document; currently this does not change any behavior.

It also removes a bogus SAN from the Kubernetes API server certificate
(kubernetes.default.svc.cluster) for which there is no corresponding
search path.

Change-Id: I30b8907a7b846415f5002c09a24d2d37930a9cd1
Reviewed-on: https://review.monogon.dev/c/monogon/+/773
Tested-by: Jenkins CI
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
diff --git a/metropolis/node/kubernetes/kubelet.go b/metropolis/node/kubernetes/kubelet.go
index d966e5d..31357ab 100644
--- a/metropolis/node/kubernetes/kubelet.go
+++ b/metropolis/node/kubernetes/kubelet.go
@@ -38,6 +38,7 @@
 type kubeletService struct {
 	NodeName           string
 	ClusterDNS         []net.IP
+	ClusterDomain      string
 	KubeletDirectory   *localstorage.DataKubernetesKubeletDirectory
 	EphemeralDirectory *localstorage.EphemeralDirectory
 	Output             io.Writer
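Review bot: The new `ClusterDomain` field has no comment, and the second hunk deletes the only note that tied this value to the certificate. I would document the coupling on the field itself, for example `// ClusterDomain is the cluster DNS domain passed to the kubelet; it must match the domain used for the API server certificate SANs and cluster DNS.` The certificate side is not visible in this diff, so the wording should be confirmed against wherever the SANs are generated. The struct continues beyond the hunk.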
@@ -92,7 +93,7 @@
 			},
 		},
 		// TODO(q3k): move reconciler.False to a generic package, fix the following references.
-		ClusterDomain:                "cluster.local", // cluster.local is hardcoded in the certificate too currently
+		ClusterDomain:                s.ClusterDomain,
 		EnableControllerAttachDetach: reconciler.False(),
 		HairpinMode:                  "none",
 		MakeIPTablesUtilChains:       reconciler.False(), // We don't have iptables
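Review bot: `ClusterDomain: s.ClusterDomain` passes the field through unchecked, so a `kubeletService` built without it gives the kubelet an empty cluster domain where the old code always supplied `cluster.local`. With an empty value the kubelet adds no cluster search domain to pod resolver configs, so lookups of in-cluster service names, including the API server name that the certificate SANs cover, would fail or fall through to the host's search paths. A guard before the config is built would make this fail loudly, for example `if s.ClusterDomain == "" { return fmt.Errorf("kubelet: ClusterDomain must be set") }`, adapted to however the enclosing function reports errors. That function starts and ends outside this hunk, and the single place that sets the value is presumably in another file of this commit.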