Kubeadm: Additional SAN for kubelet-client certificate

Hi all,

I use kubeadm to create my kubernetes-clusters and ran into this issue: https://github.com/kubernetes/kubernetes/issues/62939. According to this comment https://github.com/kubernetes/kubernetes/issues/62939#issuecomment-383324760 this occurs because no SAN set in the apiserver-kubelet-client.crt.

I generate this certs with the kubeadm init phase certs apiserver-kubelet-client command and there’s no cli argument for additional sans and I couldn’t figure out which yaml option for the config would be suitable.

Does anyone know how to solve this?

Cluster information:

Kubernetes version: 1.18.6
Cloud being used: (put bare-metal if not on a public cloud): bare-metal
Installation method: kubeadm
Host OS: Ubuntu 20.04
CNI and version: Weave 2.6.x
CRI and version: Docker 19.03