kubespray: fix missing ca-certificate path in apiserver
parent
5a7ac7e5c1
commit
83e11f9ef7
4 changed files with 36 additions and 4 deletions
|
@ -155,7 +155,7 @@ schedulerExtraArgs:
|
||||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) %}
|
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %}
|
||||||
apiServerExtraVolumes:
|
apiServerExtraVolumes:
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||||
- name: cloud-config
|
- name: cloud-config
|
||||||
|
@ -177,6 +177,14 @@ apiServerExtraVolumes:
|
||||||
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
hostPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||||
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
mountPath: {{ kube_config_dir }}/webhook-token-auth-config.yaml
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if ssl_ca_dirs|length %}
|
||||||
|
{% for dir in ssl_ca_dirs %}
|
||||||
|
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||||
|
hostPath: {{ dir }}
|
||||||
|
mountPath: {{ dir }}
|
||||||
|
writable: false
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
apiServerCertSANs:
|
apiServerCertSANs:
|
||||||
{% for san in apiserver_sans.split() | unique %}
|
{% for san in apiserver_sans.split() | unique %}
|
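Review bot: The volume name built in the added loop, `{{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}`, only strips the leading slash and turns the remaining slashes into dashes, so it is not guaranteed to be a valid Kubernetes volume name. Volume names must be DNS-1123 labels, and an entry in `ssl_ca_dirs` containing an underscore, a dot, an upper-case letter or a trailing slash would render a manifest that is rejected, which leaves the API server static pod unable to start. A stricter derivation such as `{{ dir | lower | regex_replace('[^a-z0-9]+', '-') | regex_replace('^-+|-+$', '') }}` yields the same names for ordinary paths and keeps unusual ones valid. The same expression is added in the other three templates of this commit.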
||||||
|
|
|
@ -149,7 +149,7 @@ controllerManagerExtraVolumes:
|
||||||
mountPath: {{ kube_config_dir }}/cloud_config
|
mountPath: {{ kube_config_dir }}/cloud_config
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) %}
|
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %}
|
||||||
apiServerExtraVolumes:
|
apiServerExtraVolumes:
|
||||||
{% if kube_basic_auth|default(true) %}
|
{% if kube_basic_auth|default(true) %}
|
||||||
- name: basic-auth-config
|
- name: basic-auth-config
|
||||||
|
@ -177,6 +177,14 @@ apiServerExtraVolumes:
|
||||||
writable: true
|
writable: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if ssl_ca_dirs|length %}
|
||||||
|
{% for dir in ssl_ca_dirs %}
|
||||||
|
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||||
|
hostPath: {{ dir }}
|
||||||
|
mountPath: {{ dir }}
|
||||||
|
writable: false
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||||
- name: cloud-config
|
- name: cloud-config
|
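Review bot: The new `or ssl_ca_dirs|length` in the `apiServerExtraVolumes` guard, and the inner `{% if ssl_ca_dirs|length %}`, assume the variable is always defined, yet none of the four files changed here defines it. If it can be absent in this role's scope (not visible from this page), template rendering fails on the undefined variable instead of skipping the block. Both tests could be written as `ssl_ca_dirs|default([])|length`, matching the `|default(...)` style already used for `kube_basic_auth` and `kube_token_auth` on the same line. The other three templates carry the same two tests.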
||||||
|
|
|
@ -152,7 +152,7 @@ schedulerExtraArgs:
|
||||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes %}
|
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
|
||||||
apiServerExtraVolumes:
|
apiServerExtraVolumes:
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||||
- name: cloud-config
|
- name: cloud-config
|
||||||
|
@ -191,6 +191,14 @@ apiServerExtraVolumes:
|
||||||
mountPath: {{ volume.mountPath }}
|
mountPath: {{ volume.mountPath }}
|
||||||
writable: {{ volume.writable | default(false)}}
|
writable: {{ volume.writable | default(false)}}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if ssl_ca_dirs|length %}
|
||||||
|
{% for dir in ssl_ca_dirs %}
|
||||||
|
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||||
|
hostPath: {{ dir }}
|
||||||
|
mountPath: {{ dir }}
|
||||||
|
writable: false
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] or controller_manager_extra_volumes %}
|
||||||
controllerManagerExtraVolumes:
|
controllerManagerExtraVolumes:
|
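Review bot: The `ssl_ca_dirs` entries are appended right after the `apiserver_extra_volumes` loop with nothing preventing overlap between the two lists. If an operator already mounts a CA directory through `apiserver_extra_volumes`, the rendered `apiServerExtraVolumes` would presumably contain two entries with the same `mountPath` (and possibly the same name), which the pod spec does not accept. A template comment above the new loop would document the constraint, for example `{# ssl_ca_dirs entries must not repeat a name or mountPath already listed in apiserver_extra_volumes #}`; a pre-flight assert in the role would enforce it.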
||||||
|
|
|
@ -121,7 +121,7 @@ apiServer:
|
||||||
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
{% elif cloud_provider is defined and cloud_provider in ["external"] %}
|
||||||
cloud-config: {{ kube_config_dir }}/cloud_config
|
cloud-config: {{ kube_config_dir }}/cloud_config
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes %}
|
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
|
||||||
extraVolumes:
|
extraVolumes:
|
||||||
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
{% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
|
||||||
- name: cloud-config
|
- name: cloud-config
|
||||||
|
@ -160,6 +160,14 @@ apiServer:
|
||||||
mountPath: {{ volume.mountPath }}
|
mountPath: {{ volume.mountPath }}
|
||||||
readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
|
readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% if ssl_ca_dirs|length %}
|
||||||
|
{% for dir in ssl_ca_dirs %}
|
||||||
|
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
|
||||||
|
hostPath: {{ dir }}
|
||||||
|
mountPath: {{ dir }}
|
||||||
|
readOnly: true
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
certSANs:
|
certSANs:
|
||||||
{% for san in apiserver_sans.split() | unique %}
|
{% for san in apiserver_sans.split() | unique %}
|
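Review bot: Every `ssl_ca_dirs` entry is mounted into kube-apiserver at the identical path (`hostPath: {{ dir }}` / `mountPath: {{ dir }}`) with no check on how broad the entry is. `readOnly: true` is the right choice and prevents writes, but an overly broad entry (a parent directory rather than a CA directory) would still expose that whole host subtree to the API server container. A comment next to the new loop would state the expectation, e.g. `{# ssl_ca_dirs: absolute paths of CA certificate directories only, never a parent of kube_config_dir #}`, and the same wording belongs where the variable is defined, which is outside this commit.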
||||||
|
|