
Merge pull request #3949 from trogeat/patch-fix-missing-ca-cert-apiserver

kubespray: fix missing ca-certificate path in apiserver
pull/4216/head
Chad Swenson 6 years ago
committed by GitHub
parent
commit
038a2eb862
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 36 additions and 4 deletions
  1. 10
      roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2
  2. 10
      roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
  3. 10
      roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
  4. 10
      roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2

10
roles/kubernetes/master/templates/kubeadm-config.v1alpha1.yaml.j2

@ -161,7 +161,7 @@ schedulerExtraArgs:
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) %}
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config - name: cloud-config
@ -183,6 +183,14 @@ apiServerExtraVolumes:
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
{% endif %} {% endif %}
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath: {{ dir }}
mountPath: {{ dir }}
writable: false
{% endfor %}
{% endif %}
{% endif %} {% endif %}
apiServerCertSANs: apiServerCertSANs:
{% for san in apiserver_sans.split() | unique %} {% for san in apiserver_sans.split() | unique %}
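Review bot: The volume name built by `- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}` is a valid Kubernetes volume name only if every `ssl_ca_dirs` entry contains nothing but lowercase letters, digits, `-` and `/`. A trailing slash, a dot, an underscore, an uppercase letter or a path longer than 63 characters would render a name that is not a DNS-1123 label, and the kube-apiserver manifest would then fail validation. `ssl_ca_dirs` is defined outside this diff, so if operators can override it, a name that does not depend on the path is safer, for example `- name: ssl-ca-dir-{{ loop.index }}`. The same expression appears in the v1alpha2, v1alpha3 and v1beta1 templates, and the volume list these entries join starts above the hunk.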

10
roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2

@ -155,7 +155,7 @@ controllerManagerExtraVolumes:
mountPath: {{ kube_config_dir }}/cloud_config mountPath: {{ kube_config_dir }}/cloud_config
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if kube_basic_auth|default(true) %} {% if kube_basic_auth|default(true) %}
- name: basic-auth-config - name: basic-auth-config
@ -183,6 +183,14 @@ apiServerExtraVolumes:
writable: true writable: true
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath: {{ dir }}
mountPath: {{ dir }}
writable: false
{% endfor %}
{% endif %}
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config - name: cloud-config
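Review bot: The `{% if ssl_ca_dirs|length %}` wrapper around the loop is redundant, and both it and the widened outer guard assume `ssl_ca_dirs` is always defined. A `for` over an empty list renders nothing, so the inner block can be reduced to `{% for dir in ssl_ca_dirs | default([]) %}` … `{% endfor %}`. The outer condition can use `ssl_ca_dirs | default([]) | length`, in line with the `|default(...)` already applied to the auth flags there. Whether role defaults guarantee the variable is not visible on this page. The v1alpha1, v1alpha3 and v1beta1 templates carry the same pattern.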

10
roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2

@ -166,7 +166,7 @@ schedulerExtraArgs:
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config - name: cloud-config
@ -205,6 +205,14 @@ apiServerExtraVolumes:
mountPath: {{ volume.mountPath }} mountPath: {{ volume.mountPath }}
writable: {{ volume.writable | default(false)}} writable: {{ volume.writable | default(false)}}
{% endfor %} {% endfor %}
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath: {{ dir }}
mountPath: {{ dir }}
writable: false
{% endfor %}
{% endif %}
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
controllerManagerExtraVolumes: controllerManagerExtraVolumes:
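Review bot: The CA-directory entries are appended directly after what appears to be the `apiserver_extra_volumes` loop, with no check that a volume name or `mountPath` is already in use. An operator who had worked around the missing CA path by listing the same directory in `apiserver_extra_volumes` would now render two entries with the same mount path, which pod validation is expected to reject, so the API server static pod may not start after an upgrade. Consider skipping directories that are already mounted, e.g. `{% for dir in ssl_ca_dirs if dir not in (apiserver_extra_volumes | map(attribute='mountPath') | list) %}`, or calling out the conflict in the upgrade notes. The v1beta1 template has the same ordering; the loop header and the start of the volume list are outside this hunk.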

10
roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2

@ -127,7 +127,7 @@ apiServer:
{% elif cloud_provider is defined and cloud_provider in ["external"] %} {% elif cloud_provider is defined and cloud_provider in ["external"] %}
cloud-config: {{ kube_config_dir }}/cloud_config cloud-config: {{ kube_config_dir }}/cloud_config
{% endif %} {% endif %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes %}
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
extraVolumes: extraVolumes:
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %} {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
- name: cloud-config - name: cloud-config
@ -166,6 +166,14 @@ apiServer:
mountPath: {{ volume.mountPath }} mountPath: {{ volume.mountPath }}
readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }} readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
{% endfor %} {% endfor %}
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath: {{ dir }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
{% endif %} {% endif %}
certSANs: certSANs:
{% for san in apiserver_sans.split() | unique %} {% for san in apiserver_sans.split() | unique %}
