Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9

This commit is contained in:
woopstar 2018-02-05 20:37:06 +01:00 committed by Andreas Kruger
parent 82d10b882c
commit b2d30d68e7
3 changed files with 11 additions and 12 deletions

View file

@ -192,14 +192,3 @@ persistent_volumes_enabled: false
## See https://github.com/kubernetes-incubator/kubespray/issues/2141 ## See https://github.com/kubernetes-incubator/kubespray/issues/2141
## Set this variable to true to get rid of this issue ## Set this variable to true to get rid of this issue
volume_cross_zone_attachment: false volume_cross_zone_attachment: false
## Add options for metrics-server
#apiserver_custom_flags:
# - --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
# - --requestheader-allowed-names=aggregator
# - "--requestheader-extra-headers-prefix=X-Remote-Extra-"
# - --requestheader-group-headers=X-Remote-Group
# - --requestheader-username-headers=X-Remote-User
# - --enable-aggregator-routing=true
# - --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem
# - --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem

View file

@ -100,6 +100,16 @@ spec:
{% if kube_feature_gates %} {% if kube_feature_gates %}
- --feature-gates={{ kube_feature_gates|join(',') }} - --feature-gates={{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}
{% if kube_version | version_compare('1.9', '>=') %}
- --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
- --requestheader-allowed-names=system:aggregator-proxy-client
- "--requestheader-extra-headers-prefix=X-Remote-Extra-"
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --enable-aggregator-routing=true
- --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem
- --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem
{% endif %}
{% if apiserver_custom_flags is string %} {% if apiserver_custom_flags is string %}
- {{ apiserver_custom_flags }} - {{ apiserver_custom_flags }}
{% else %} {% else %}

View file

@ -94,7 +94,7 @@ if [ -n "$MASTERS" ]; then
# kube-controller-manager # kube-controller-manager
gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager" gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager"
# metrics aggregator # metrics aggregator
gen_key_and_cert "aggregator-proxy-client" "/CN=aggregator" gen_key_and_cert "aggregator-proxy-client" "/CN=system:aggregator-proxy-client"
for host in $MASTERS; do for host in $MASTERS; do
cn="${host%%.*}" cn="${host%%.*}"