[BUG] Duplicated SANs for K8s apiserver certificate

[przemyslavic]

Describe the bug
There are duplicate SAN entries for K8s apiserver certificate.

To Reproduce
Steps to reproduce the bug:

1. Deploy a new cluster from develop branch with at least one K8s master node.
2. Execute openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout | grep DNS on the master node to get the Subject Alternative Names (SAN) for a certificate.

Expected behavior
There are no duplicate SANs.

OS (please complete the following information):

• OS: [All]

Cloud Environment (please complete the following information):

• Cloud Provider [All]

Actual behavior:
There are duplicate entries with the master's private IP address.

root@ci-devazurubuflannel-kubernetes-master-vm-0:~# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout | grep DNS

DNS:ci-devazurubuflannel-kubernetes-master-vm-0, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, IP Address:10.96.0.1, IP Address:10.1.1.4, IP Address:127.0.0.1, IP Address:10.1.1.4

---

DoD checklist

• Changelog updated (if affected version was released)
• COMPONENTS.md updated / doesn't need to be updated
• Automated tests passed (QA pipelines)
  • apply
  • upgrade
• Case covered by automated test (if possible)
• Idempotency tested
• Documentation updated / doesn't need to be updated
• All conversations in PR resolved
• Backport tasks created / doesn't need to be backported

[atsikham]

IMO if we use kubeadm, it should be implemented there to keep kubeadm control plane config in sync with kubeadm configmap. Let's wait for some result in kubeadm issue and decide what to do next.

[atsikham]

Should be fixed in kubeadm v1.19 - kubernetes/kubernetes#92753

[przemyslavic]

✔️ Fixed in Kubernetes v1.19