templates/master/00-master: add 127.0.0.1 to etcd metric proxy SAN.

[hexfusion]

etcd-quorum-guard needs the ability to pin to the host etcd instance to check health. Because we are now using the metric chain of trust we need to allow 127.0.0.1 in the SAN the same as etcd server currently does to simplify these TLS connections.

Assists #613

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hexfusion
To fully approve this pull request, please assign additional approvers.
We suggest the following additional approver: jlebon

If they are not already assigned, you can assign the PR to them by writing /assign @jlebon in a comment when ready.

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hexfusion]

/cc @RobertKrawitz

[kikisdeliveryservice]

@hexfusion I thought 613 was closed?

[hexfusion]

@hexfusion I thought 613 was closed?

see that don't pay attention for 5 mins :).

[hexfusion]

@kikisdeliveryservice actually we still want quorum guard standalone to use metric certs so I would like to keep this open if possible.

[RobertKrawitz]

@hexfusion @kikisdeliveryservice this could also be used to allow the standalone etcd-quorum-guard to use the metrics cert.

[hexfusion]

/retest

[hexfusion]

/test e2e-aws

[openshift-ci-robot]

@hexfusion: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
ci/prow/e2e-aws	b2d804c	link	/test e2e-aws

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[kikisdeliveryservice]

I think there are some wider spread aws issues right now, so retesting might not help.

[RobertKrawitz]

@hexfusion is there any guarantee that the proxy won't cache health status (which would defeat the whole purpose of the quorum guard)?

[hexfusion]

@RobertKrawitz the proxy has no caching mechanism it has a handler that makes an HTTP request. On the curl side we could pass -H 'Cache-Control: no-cache' as a general safety mechanism for this concern.

[hexfusion]

We are not going to use metric certs for this use-case anymore closing