From 6fee2f4462d468f23070d182ce1c649254454d40 Mon Sep 17 00:00:00 2001
From: Ray Wainman <rwainman@google.com>
Date: Tue, 26 Sep 2023 13:48:30 +0000
Subject: [PATCH] fix duplicate -addext when generating certificates

---
 vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh b/vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh
index 1882601cdf40..730464c460c7 100755
--- a/vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh
+++ b/vertical-pod-autoscaler/pkg/admission-controller/gencerts.sh
@@ -51,7 +51,7 @@ set -o errexit
 # Create a server certificate
 openssl genrsa -out ${TMP_DIR}/serverKey.pem 2048
 # Note the CN is the DNS name of the service of the webhook.
-openssl req -new -key ${TMP_DIR}/serverKey.pem -out ${TMP_DIR}/server.csr -subj "/CN=vpa-webhook.kube-system.svc" -config ${TMP_DIR}/server.conf -addext "subjectAltName = DNS:vpa-webhook.kube-system.svc"
+openssl req -new -key ${TMP_DIR}/serverKey.pem -out ${TMP_DIR}/server.csr -subj "/CN=vpa-webhook.kube-system.svc" -config ${TMP_DIR}/server.conf
 openssl x509 -req -in ${TMP_DIR}/server.csr -CA ${TMP_DIR}/caCert.pem -CAkey ${TMP_DIR}/caKey.pem -CAcreateserial -out ${TMP_DIR}/serverCert.pem -days 100000 -extensions SAN -extensions v3_req -extfile ${TMP_DIR}/server.conf
 
 echo "Uploading certs to the cluster."