m/n/kubernetes: factor out cluster domain This removes the hardcoded Kubernetes cluster domain and pushes it out to a single place at the root of the Kubernetes supervisor tree. This will later be aligned with the cluster domain specified in the identity design document, currently this does not change any behavior. It also removes a bogous SAN from the Kubernetes API server certificate (kubernetes.default.svc.cluster) for which there is no corresponding search path. Change-Id: I30b8907a7b846415f5002c09a24d2d37930a9cd1 Reviewed-on: https://review.monogon.dev/c/monogon/+/773 Tested-by: Jenkins CI Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

commit: 78cefcafa315af20d9f603fefd1423fe7bab7483 [log] [tgz]
author: Lorenz Brun <lorenz@monogon.tech> Mon Jun 20 12:59:55 2022 +0000
committer: Lorenz Brun <lorenz@monogon.tech> Tue Jun 21 11:44:25 2022 +0000
tree: b5d8ab0ce4652e30ace81c0cedf64b847260612d
parent: 4025c9bf83aa038c8858c82bc80bd65acecd7210 [diff] [blame]
diff --git a/metropolis/test/e2e/kubernetes_helpers.go b/metropolis/test/e2e/kubernetes_helpers.go
index 44fa660..2e53970 100644
--- a/metropolis/test/e2e/kubernetes_helpers.go
+++ b/metropolis/test/e2e/kubernetes_helpers.go

@@ -45,7 +45,7 @@
 	var clientConfig = rest.Config{
 		Host: fmt.Sprintf("localhost:%v", port),
 		TLSClientConfig: rest.TLSClientConfig{
-			ServerName: "kubernetes.default.svc.cluster.local",
+			ServerName: "kubernetes.default.svc",
 			Insecure:   true,
 			CertData:   pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cluster.Owner.Certificate[0]}),
 			KeyData:    pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: pkcs8Key}),
commit	78cefcafa315af20d9f603fefd1423fe7bab7483	[log] [tgz]
author	Lorenz Brun <lorenz@monogon.tech>	Mon Jun 20 12:59:55 2022 +0000
committer	Lorenz Brun <lorenz@monogon.tech>	Tue Jun 21 11:44:25 2022 +0000
tree	b5d8ab0ce4652e30ace81c0cedf64b847260612d
parent	4025c9bf83aa038c8858c82bc80bd65acecd7210 [diff] [blame]