This repository has been archived by the owner on Sep 30, 2020. It is now read-only.

[v0.16.x] Fix etcd certificates when using private zones #1893

Merged


dominicgunn
Contributor

Changes

The AWS Cloud Controller does not support private zones, so if you use it with etcd >=v2.4..5 then you will run into issues with cluster initialization, because of a feature introduced that does a reverse DNS lookup to ensure the IP making requests matches a host on the certificate SANs.

Worse, even if you add all reverse zones so that this does work with your private zone, the AWS controller does not name nodes after your private zone, and they instead come up using .compute.internal nodeNames. This causes problems elsewhere in the kube-aws stack where we try to update nodes using hostname, but in this scenario hostname != nodename. (*.myprivate.zone vs *...compute.internal).

This is a hack that allowed us to move forward, but a better implementation is needed & should be revisited.
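
Added example, not part of the PR or of kube-aws or etcd code: a simplified model of the check the description refers to, where the peer IP is reverse-resolved and one of its PTR names must be covered by a DNS SAN on the certificate. The IPs, PTR names, SAN list and function names are constructed for illustration; only `*.myprivate.zone` and `compute.internal` come from the description.

```go
package main

import (
	"fmt"
	"strings"
)

// sanMatches reports whether a DNS SAN covers host. A leading "*." covers
// exactly one label, so *.myprivate.zone matches a.myprivate.zone only.
func sanMatches(san, host string) bool {
	san = strings.ToLower(strings.TrimSuffix(san, "."))
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if !strings.HasPrefix(san, "*.") {
		return san == host
	}
	i := strings.Index(host, ".")
	return i > 0 && host[i:] == san[1:]
}

// peerAllowed is a simplified model: reverse-resolve the peer IP and require a
// PTR name covered by a SAN. lookup has net.LookupAddr's signature.
func peerAllowed(ip string, sans []string, lookup func(string) ([]string, error)) bool {
	names, _ := lookup(ip) // a failed lookup yields no names, so no match
	for _, n := range names {
		for _, s := range sans {
			if sanMatches(s, n) {
				return true
			}
		}
	}
	return false
}

// Constructed sample data: one node with only its default PTR, one with a private-zone PTR.
var samplePTR = map[string][]string{
	"10.0.1.10": {"ip-10-0-1-10.example-region.compute.internal."},
	"10.0.1.11": {"etcd1.myprivate.zone."},
}

func sampleLookup(ip string) ([]string, error) {
	return samplePTR[ip], nil // a missing record yields no names
}

func main() {
	sans := []string{"*.myprivate.zone"} // constructed SAN list
	for _, ip := range []string{"10.0.1.10", "10.0.1.11", "10.0.1.12"} {
		fmt.Println(ip, samplePTR[ip], "allowed:", peerAllowed(ip, sans, sampleLookup))
	}
}
```

Passing `net.LookupAddr` in place of `sampleLookup` runs the same comparison against the resolver a node actually uses, which shows whether the reverse zones are in place before etcd is started.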

…e aws controller does not support private zones
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 1, 2020
@cknowles cknowles removed their request for review August 3, 2020 02:52
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign dominicgunn
You can assign the PR to them by writing /assign @dominicgunn in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 13, 2020
@dominicgunn dominicgunn added this to the v0.16.3 milestone Aug 13, 2020
@dominicgunn dominicgunn merged commit b06335b into kubernetes-retired:v0.16.x Aug 18, 2020
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

2 participants