Browse Source
add encryptionAlgorithm for ClusterConfigration (#11751)
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
pull/11753/head
ERIK
6 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with
6 additions and
0 deletions
-
roles/kubernetes/control-plane/defaults/main/main.yml
-
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
|
|
|
@ -236,3 +236,8 @@ kube_apiserver_tracing_sampling_rate_per_million: 100 |
|
|
|
|
|
|
|
# Enable kubeadm file discovery if anonymous access has been removed |
|
|
|
kubeadm_use_file_discovery: "{{ remove_anonymous_access }}" |
|
|
|
|
|
|
|
# Supported asymmetric encryption algorithm types for the cluster's keys and certificates. |
|
|
|
# can be one of RSA-2048(default), RSA-3072, RSA-4096, ECDSA-P256 |
|
|
|
# ref: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-ClusterConfiguration |
|
|
|
kube_asymmetric_encryption_algorithm: "RSA-2048" |
|
|
|
@ -37,6 +37,7 @@ patches: |
|
|
|
apiVersion: kubeadm.k8s.io/v1beta4 |
|
|
|
kind: ClusterConfiguration |
|
|
|
clusterName: {{ cluster_name }} |
|
|
|
encryptionAlgorithm: {{ kube_asymmetric_encryption_algorithm }} |
|
|
|
etcd: |
|
|
|
{% if etcd_deployment_type != "kubeadm" %} |
|
|
|
external: |
|
|
|
|
