Rename CN for aggreator back. Add flags to apiserver when version is >= 1.9
This commit is contained in:
parent
82d10b882c
commit
b2d30d68e7
3 changed files with 11 additions and 12 deletions
|
@ -192,14 +192,3 @@ persistent_volumes_enabled: false
|
||||||
## See https://github.com/kubernetes-incubator/kubespray/issues/2141
|
## See https://github.com/kubernetes-incubator/kubespray/issues/2141
|
||||||
## Set this variable to true to get rid of this issue
|
## Set this variable to true to get rid of this issue
|
||||||
volume_cross_zone_attachment: false
|
volume_cross_zone_attachment: false
|
||||||
|
|
||||||
## Add options for metrics-server
|
|
||||||
#apiserver_custom_flags:
|
|
||||||
# - --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
|
|
||||||
# - --requestheader-allowed-names=aggregator
|
|
||||||
# - "--requestheader-extra-headers-prefix=X-Remote-Extra-"
|
|
||||||
# - --requestheader-group-headers=X-Remote-Group
|
|
||||||
# - --requestheader-username-headers=X-Remote-User
|
|
||||||
# - --enable-aggregator-routing=true
|
|
||||||
# - --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem
|
|
||||||
# - --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem
|
|
||||||
|
|
|
@ -100,6 +100,16 @@ spec:
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
- --feature-gates={{ kube_feature_gates|join(',') }}
|
- --feature-gates={{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_version | version_compare('1.9', '>=') %}
|
||||||
|
- --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
|
||||||
|
- --requestheader-allowed-names=system:aggregator-proxy-client
|
||||||
|
- "--requestheader-extra-headers-prefix=X-Remote-Extra-"
|
||||||
|
- --requestheader-group-headers=X-Remote-Group
|
||||||
|
- --requestheader-username-headers=X-Remote-User
|
||||||
|
- --enable-aggregator-routing=true
|
||||||
|
- --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem
|
||||||
|
- --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem
|
||||||
|
{% endif %}
|
||||||
{% if apiserver_custom_flags is string %}
|
{% if apiserver_custom_flags is string %}
|
||||||
- {{ apiserver_custom_flags }}
|
- {{ apiserver_custom_flags }}
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
|
@ -94,7 +94,7 @@ if [ -n "$MASTERS" ]; then
|
||||||
# kube-controller-manager
|
# kube-controller-manager
|
||||||
gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager"
|
gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager"
|
||||||
# metrics aggregator
|
# metrics aggregator
|
||||||
gen_key_and_cert "aggregator-proxy-client" "/CN=aggregator"
|
gen_key_and_cert "aggregator-proxy-client" "/CN=system:aggregator-proxy-client"
|
||||||
|
|
||||||
for host in $MASTERS; do
|
for host in $MASTERS; do
|
||||||
cn="${host%%.*}"
|
cn="${host%%.*}"
|
||||||
|
|
Loading…
Reference in a new issue