From 4943e8d617650db0e42d2c925e33e7bfe3ab1994 Mon Sep 17 00:00:00 2001
From: George Angel <github-7574494a@infosecproject.org>
Date: Thu, 27 Feb 2020 18:48:35 +1000
Subject: [PATCH] sys: rm SAN hack including 0 etcd host in all certs

Issue resolved in >v1.16.3
https://github.com/kubernetes/kubernetes/issues/72102#issuecomment-542808932
---
 etcd.tf | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/etcd.tf b/etcd.tf
index 9f554d3..56d5921 100644
--- a/etcd.tf
+++ b/etcd.tf
@@ -17,11 +17,7 @@ data "template_file" "etcd-cfssl-new-cert" {
     org          = ""
     get_ip       = var.get_ip_command[var.cloud_provider]
     get_hostname = var.node_name_command[var.cloud_provider]
-    # workaround for https://github.com/kubernetes/kubernetes/issues/72102
-    # include first member's ip in SAN for all nodes
-    # this replicates kubeadm behaviour to include first node's ip, as kubeadm
-    # generates all certificates on the first node
-    extra_names = join(",", ["etcd.${var.dns_domain}", var.etcd_addresses[0]])
+    extra_names  = join(",", ["etcd.${var.dns_domain}"])
   }
 }