cloudcore charts do not use .Values.cloudCore.modules.cloudHub.advertiseAddress when generating certificates in templates _helpers.tpl #5598

Open
tagGeeY opened this issue May 10, 2024 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@tagGeeY
tagGeeY commented May 10, 2024

What happened: I deployed cloudcore by helm, but an error occurred when I tried to join an edge node:
Error: failed to get edge certificate from the cloudcore, error: Get "https://${PUBLIC_IP}:10002/edge.crt": tls: failed to verify certificate: x509: certificate is valid for 192.168.x.x, not ${PUBLIC_IP}

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):
Deploy cloudcore by helm, and then join edge node.

Anything else we need to know?:
I modified the

{{- $cert := genSignedCert ( include "cloudcore.name" . ) nil $altNames 365 $ca -}}
to
{{- $cert := genSignedCert ( include "cloudcore.name" . ) ( .Values.cloudCore.modules.cloudHub.advertiseAddress ) $altNames 365 $ca -}}
and the trouble was resolved.

Environment:

  • Kubernetes version (use kubectl version):

  • KubeEdge version(e.g. cloudcore --version and edgecore --version): v1.16.2

  • Cloud nodes Environment:
    • Hardware configuration (e.g. lscpu):
    • OS (e.g. cat /etc/os-release):
    • Kernel (e.g. uname -a):
    • Go version (e.g. go version):
    • Others:
  • Edge nodes Environment:
    • edgecore version (e.g. edgecore --version): v1.16.2
    • Hardware configuration (e.g. lscpu):
    • OS (e.g. cat /etc/os-release):
    • Kernel (e.g. uname -a):
    • Go version (e.g. go version):
    • Others:
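
The check behind the error quoted in the report above, as an added example that is not code from this issue or from KubeEdge: a Go client dialing an IP address accepts the server certificate only if that IP is listed in its IP SANs. The addresses are constructed placeholders (203.0.113.7 stands in for `${PUBLIC_IP}`), `issueLeaf` and `CheckEndpoint` are hypothetical names, and the certificate is self-signed to keep the example short.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issueLeaf builds a self-signed certificate whose IP SANs are exactly ipSANs.
func issueLeaf(ipSANs []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "cloudcore"},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().AddDate(0, 0, 365),
	}
	for _, ip := range ipSANs {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// CheckEndpoint returns the name-check error a TLS client would report for the dialed address.
func CheckEndpoint(ipSANs []string, dialed string) error {
	cert, err := issueLeaf(ipSANs)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(dialed)
}

func main() {
	fmt.Println("private IP only:", CheckEndpoint([]string{"192.168.0.10"}, "203.0.113.7"))
	fmt.Println("advertise address added:", CheckEndpoint([]string{"192.168.0.10", "203.0.113.7"}, "203.0.113.7"))
}
```
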
@WillardHu
Collaborator

This is used to generate stream certificates, but in practice it requires a k8s csr to sign a certificate that can two-way ssl with api-server, rather than sign certificates with itself.

We plan to replace this function with k8s csr sign certificates, are you interested in contributing to it?

@Shelley-BaoYue
Collaborator

What's the IP of the node where CloudCore is deployed? The advertiseAddress IP should be the same as it.
