Bring static tokens and user back to 1.12 (#3593)

6 years ago · 633bfa7ebc
1 changed files with 16 additions and 1 deletions
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@ -67,6 +67,9 @@ apiServerExtraArgs:
 {% if kube_basic_auth|default(true) %}
  basic-auth-file: {{ kube_users_dir }}/known_users.csv
 {% endif %}
+{% if kube_token_auth|default(true) %}
+  token-auth-file: {{ kube_token_dir }}/known_tokens.csv
+{% endif %}
 {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
  oidc-issuer-url: {{ kube_oidc_url }}
  oidc-client-id: {{ kube_oidc_client_id }}
@ -114,8 +117,19 @@ controllerManagerExtraVolumes:
  hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
  mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
 {% endif %}
-{% if kubernetes_audit %}
+{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
 apiServerExtraVolumes:
+{% if kube_basic_auth|default(true) %}
+- name: basic-auth-config
+  hostPath: {{ kube_users_dir }}
+  mountPath: {{ kube_users_dir }}
+{% endif %}
+{% if kube_token_auth|default(true) %}
+- name: token-auth-config
+  hostPath: {{ kube_token_dir }}
+  mountPath: {{ kube_token_dir }}
+{% endif %}
+{% if kubernetes_audit %}
 - name: {{ audit_policy_name }}
  hostPath: {{ audit_policy_hostpath }}
  mountPath: {{ audit_policy_mountpath }}
@ -126,6 +140,7 @@ apiServerExtraVolumes:
  writable: true
 {% endif %}
 {% endif %}
+{% endif %}
 {% for key in kube_kubeadm_controller_extra_args %}
  {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
 {% endfor %}