From 624a964cda77ba0a2f0e1fe270713ec96fd4608b Mon Sep 17 00:00:00 2001 From: "teuto.net Netzdienste GmbH" Date: Thu, 31 Mar 2016 14:38:08 +0200 Subject: [PATCH 1/2] Implemented Dynamic Provisioning of PersistentVolumes with cinder When kubespray is deployed on OpenStack, the kube-controller-manager is now aware of the cluster and can create new cinder volumes automatically if the PersistentVolumeClaims are annotated accordingly. Note that this is an alpha feature of kubernetes 1.2 --- .../manifests/kube-controller-manager.manifest.j2 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 index 4b9ed2f74..2897ad774 100644 --- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 @@ -16,6 +16,10 @@ spec: - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem - --root-ca-file={{ kube_cert_dir }}/ca.pem - --v={{ kube_log_level | default('2') }} +{% if cloud_provider is defined and cloud_provider == "openstack" %} + - --cloud-provider=openstack + - --cloud-config={{ kube_config_dir }}/cloud_config +{% endif %} livenessProbe: httpGet: host: 127.0.0.1 @@ -30,6 +34,11 @@ spec: - mountPath: /etc/ssl/certs name: ssl-certs-host readOnly: true +{% if cloud_provider is defined and cloud_provider == "openstack" %} + - mountPath: {{ kube_config_dir }}/cloud_config + name: cloudconfig + readOnly: true +{% endif %} volumes: - hostPath: path: {{ kube_cert_dir }} @@ -37,3 +46,8 @@ spec: - hostPath: path: /usr/share/ca-certificates name: ssl-certs-host +{% if cloud_provider is defined and cloud_provider == "openstack" %} + - hostPath: + path: {{ kube_config_dir }}/cloud_config + name: cloudconfig +{% endif %} From 8cbdf73ebaf663cddba955cea04b0237db9ad460 Mon Sep 17 00:00:00 2001 From: "teuto.net Netzdienste GmbH" Date: Fri, 1 Apr 2016 09:34:28 +0200 Subject: [PATCH 2/2] Changed path to hosts ssl certs from /usr/share/ca-certificates to /etc/ssl/certs/ which fixes https problems in kube-controller-manager and kube-apiserver (#189) caused by the lack of certificates on debian and redhat based systems. --- .../master/templates/manifests/kube-apiserver.manifest.j2 | 2 +- .../templates/manifests/kube-controller-manager.manifest.j2 | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 index 1a0b6a2cb..707915047 100644 --- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 @@ -48,5 +48,5 @@ spec: path: {{ kube_config_dir }} name: kubernetes-config - hostPath: - path: /usr/share/ca-certificates + path: /etc/ssl/certs/ name: ssl-certs-host diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 index 2897ad774..3ae4c18fc 100644 --- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 @@ -44,7 +44,7 @@ spec: path: {{ kube_cert_dir }} name: ssl-certs-kubernetes - hostPath: - path: /usr/share/ca-certificates + path: /etc/ssl/certs/ name: ssl-certs-host {% if cloud_provider is defined and cloud_provider == "openstack" %} - hostPath: