Merge pull request #1595 from bradbeam/cacerts

Fixing CA certificate locations for k8s components
Brad Beam 2017-08-30 21:31:19 -05:00 committed by GitHub
commit 917373ee55
3 changed files with 38 additions and 16 deletions


@ -105,9 +105,14 @@ spec:
- mountPath: {{ kube_config_dir }} - mountPath: {{ kube_config_dir }}
name: kubernetes-config name: kubernetes-config
readOnly: true readOnly: true
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: {{ etcd_cert_dir }} - mountPath: {{ etcd_cert_dir }}
name: etcd-certs name: etcd-certs
readOnly: true readOnly: true
@ -120,9 +125,14 @@ spec:
- hostPath: - hostPath:
path: {{ kube_config_dir }} path: {{ kube_config_dir }}
name: kubernetes-config name: kubernetes-config
- hostPath: - name: ssl-certs-host
path: /etc/ssl/certs/ hostPath:
name: ssl-certs-host path: /etc/ssl
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
{% endfor %}
- hostPath: - hostPath:
path: {{ etcd_cert_dir }} path: {{ etcd_cert_dir }}
name: etcd-certs name: etcd-certs
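Review bot: The `ssl-certs-host` volumeMount and its hostPath volume in this section now cover all of `/etc/ssl` instead of `/etc/ssl/certs`, and on many distributions that tree also holds `/etc/ssl/private` with the host's private keys. `readOnly: true` prevents writes but not reads, so the container gains read access to key material that CA validation presumably does not need. Since the new `ssl_ca_dirs` loop already mounts the CA directories one by one, consider keeping `mountPath: /etc/ssl/certs` and `path: /etc/ssl/certs`, and listing any further directory explicitly in `ssl_ca_dirs`. The same widening appears in the other two file sections on this page.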


@ -70,9 +70,14 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 10 timeoutSeconds: 10
volumeMounts: volumeMounts:
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: "{{kube_config_dir}}/ssl" - mountPath: "{{kube_config_dir}}/ssl"
name: etc-kube-ssl name: etc-kube-ssl
readOnly: true readOnly: true
@ -87,11 +92,12 @@ spec:
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
hostPath: hostPath:
{% if ansible_os_family == 'RedHat' %} path: /etc/ssl
path: /etc/pki/tls {% for dir in ssl_ca_dirs %}
{% else %} - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
path: /usr/share/ca-certificates hostPath:
{% endif %} path: {{ dir }}
{% endfor %}
- name: etc-kube-ssl - name: etc-kube-ssl
hostPath: hostPath:
path: "{{ kube_config_dir }}/ssl" path: "{{ kube_config_dir }}/ssl"
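Review bot: The volume name rendered by `{{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}` only drops the leading slash and turns `/` into `-`, while Kubernetes requires volume names to be DNS-1123 labels (lowercase alphanumerics and `-`, at most 63 characters, not ending in `-`). An `ssl_ca_dirs` entry with a trailing slash, underscore, dot or uppercase letter would render a manifest that fails validation, and the definition of `ssl_ca_dirs` is not visible on this page, so it is unclear whether any current value is affected. A more defensive form is `name: "{{ dir | lower | regex_replace('[^a-z0-9]+', '-') | regex_replace('^-+|-+$', '') }}"`, used identically in the `volumeMounts` and `volumes` loops so the two names keep matching. The same expression appears in both loops of all three file sections.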


@ -45,9 +45,14 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 10 timeoutSeconds: 10
volumeMounts: volumeMounts:
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: "{{ kube_config_dir }}/ssl" - mountPath: "{{ kube_config_dir }}/ssl"
name: etc-kube-ssl name: etc-kube-ssl
readOnly: true readOnly: true
@ -57,11 +62,12 @@ spec:
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
hostPath: hostPath:
{% if ansible_os_family == 'RedHat' %} path: /etc/ssl
path: /etc/pki/tls {% for dir in ssl_ca_dirs %}
{% else %} - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
path: /usr/share/ca-certificates hostPath:
{% endif %} path: {{ dir }}
{% endfor %}
- name: etc-kube-ssl - name: etc-kube-ssl
hostPath: hostPath:
path: "{{ kube_config_dir }}/ssl" path: "{{ kube_config_dir }}/ssl"
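Review bot: `mountPath: {{ dir }}` and `path: {{ dir }}` in the new loops are unquoted, while the neighbouring entries in this section are written as `"{{ kube_config_dir }}/ssl"`. An empty or unusual entry in `ssl_ca_dirs` would then render as `null` or be re-typed by the YAML parser rather than staying a string. Writing `mountPath: "{{ dir }}"` and `path: "{{ dir }}"` keeps the rendered value a string and matches the quoting already used here. The same applies to the loops in the other two file sections.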