From b5323148a7e0f2c0776243ddd3da152f92dab51e Mon Sep 17 00:00:00 2001
From: Benjamin Schimke <benjamin.schimke@canonical.com>
Date: Wed, 28 Aug 2024 12:03:07 +0200
Subject: [PATCH] Add join token to SANs (#47)

---
 bootstrap/controllers/ck8sconfig_controller.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bootstrap/controllers/ck8sconfig_controller.go b/bootstrap/controllers/ck8sconfig_controller.go
index bf24330f..bdd70113 100644
--- a/bootstrap/controllers/ck8sconfig_controller.go
+++ b/bootstrap/controllers/ck8sconfig_controller.go
@@ -232,9 +232,15 @@ func (r *CK8sConfigReconciler) joinControlplane(ctx context.Context, scope *Scop
 		return fmt.Errorf("failed to request join token: %w", err)
 	}
 
+	controlPlaneConfig := scope.Config.Spec.ControlPlaneConfig
+	// Adding the join token name to the extra SANs is required because the token name
+	// and kubelet name diverge in the CAPI context.
+	// See https://github.com/canonical/k8s-snap/pull/629 for more details.
+	controlPlaneConfig.ExtraSANs = append(controlPlaneConfig.ExtraSANs, scope.Config.Name)
+
 	configStruct := ck8s.GenerateJoinControlPlaneConfig(ck8s.JoinControlPlaneConfig{
 		ControlPlaneEndpoint: scope.Cluster.Spec.ControlPlaneEndpoint.Host,
-		ControlPlaneConfig:   scope.Config.Spec.ControlPlaneConfig,
+		ControlPlaneConfig:   controlPlaneConfig,
 	})
 	joinConfig, err := kubeyaml.Marshal(configStruct)
 	if err != nil {