Description of problem: Regenerated cert for web frontend using oadm create-master-certs and it ended up updating kube configs with invalid URL entries. Version-Release number of selected component (if applicable): 3.1.1.6 How reproducible: Always Steps to Reproduce: 1. Spin up native ha cluster 2. Update certs with `oadm create-master-certs --hostnames="$(openssl x509 -in back/master.server.crt -text | grep api | sed 's/DNS://g;s/IP Address://g;s/ //g'),console.cluster.openshift.com" --master=api.cluster.openshift.com --public-master=api.cluster.openshift.com --cert-dir=$PWD --overwrite=false` (notice public-master and master are not FQDN) 3. ls -l in /etc/origin/master and see the *.kubeconfig files got updated Actual results: Expected results: --public-master and --master should have checks for FQDN names --overwrite=false should error if it sees that it is about to overwrite a file and error out Additional info:
Added validation in https://github.com/openshift/origin/pull/7333 Still need to think through --overwrite behavior.
hostname validation merged upstream in https://github.com/openshift/origin/pull/7333
Checked with devenv_rhel7_3509 and # openshift version openshift v3.1.1.905 kubernetes v1.2.0-alpha.7-703-gbc4550d etcd 2.2.5 the bug can not be reproduced.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2016:1064