From 633bfa7ebcfd70e96fe624db8e5fa6356b84236b Mon Sep 17 00:00:00 2001 From: Arnaud MAZIN Date: Tue, 13 Nov 2018 19:25:59 +0100 Subject: [PATCH] Bring static tokens and user back to 1.12 (#3593) --- .../templates/kubeadm-config.v1alpha3.yaml.j2 | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 index 5eef26fe2..6e70227aa 100644 --- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 +++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 @@ -67,6 +67,9 @@ apiServerExtraArgs: {% if kube_basic_auth|default(true) %} basic-auth-file: {{ kube_users_dir }}/known_users.csv {% endif %} +{% if kube_token_auth|default(true) %} + token-auth-file: {{ kube_token_dir }}/known_tokens.csv +{% endif %} {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %} oidc-issuer-url: {{ kube_oidc_url }} oidc-client-id: {{ kube_oidc_client_id }} @@ -114,8 +117,19 @@ controllerManagerExtraVolumes: hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" {% endif %} -{% if kubernetes_audit %} +{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %} apiServerExtraVolumes: +{% if kube_basic_auth|default(true) %} +- name: basic-auth-config + hostPath: {{ kube_users_dir }} + mountPath: {{ kube_users_dir }} +{% endif %} +{% if kube_token_auth|default(true) %} +- name: token-auth-config + hostPath: {{ kube_token_dir }} + mountPath: {{ kube_token_dir }} +{% endif %} +{% if kubernetes_audit %} - name: {{ audit_policy_name }} hostPath: {{ audit_policy_hostpath }} mountPath: {{ audit_policy_mountpath }} @@ -126,6 +140,7 @@ apiServerExtraVolumes: writable: true {% endif %} {% endif %} +{% endif %} {% for key in kube_kubeadm_controller_extra_args %} {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}" {% endfor %}