From 26cbb79960fbdeff58469954ac3cd64e3fa5c3e9 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Sat, 2 May 2026 20:35:13 -0400
Subject: [PATCH] Add IP addresses to worker certs for the metrics server.

---
 nix/kubernetes/keys/package/k8s-ca/files/client-ca.conf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/nix/kubernetes/keys/package/k8s-ca/files/client-ca.conf b/nix/kubernetes/keys/package/k8s-ca/files/client-ca.conf
index c752da08..ac8d404d 100644
--- a/nix/kubernetes/keys/package/k8s-ca/files/client-ca.conf
+++ b/nix/kubernetes/keys/package/k8s-ca/files/client-ca.conf
@@ -120,7 +120,7 @@ extendedKeyUsage     = clientAuth, serverAuth
 keyUsage             = critical, digitalSignature, keyEncipherment
 nsCertType           = client
 nsComment            = "worker0 Certificate"
-subjectAltName       = DNS:worker0, IP:127.0.0.1
+subjectAltName       = DNS:worker0, IP:127.0.0.1, IP:10.215.1.224, IP:2620:11f:7001:7:ffff:ffff:ad7:1e0
 subjectKeyIdentifier = hash
 
 [worker0_distinguished_name]
@@ -141,7 +141,7 @@ extendedKeyUsage     = clientAuth, serverAuth
 keyUsage             = critical, digitalSignature, keyEncipherment
 nsCertType           = client
 nsComment            = "worker1 Certificate"
-subjectAltName       = DNS:worker1, IP:127.0.0.1
+subjectAltName       = DNS:worker1, IP:127.0.0.1, IP:10.215.1.225, IP:2620:11f:7001:7:ffff:ffff:ad7:1e1
 subjectKeyIdentifier = hash
 
 [worker1_distinguished_name]
@@ -162,7 +162,7 @@ extendedKeyUsage     = clientAuth, serverAuth
 keyUsage             = critical, digitalSignature, keyEncipherment
 nsCertType           = client
 nsComment            = "worker2 Certificate"
-subjectAltName       = DNS:worker2, IP:127.0.0.1
+subjectAltName       = DNS:worker2, IP:127.0.0.1, IP:10.215.1.226, IP:2620:11f:7001:7:ffff:ffff:ad7:1e2
 subjectKeyIdentifier = hash
 
 [worker2_distinguished_name]