Merge pull request #2342 from southquist/add-ca-cert

allow for setting the cacert on openstack cloud provider
This commit is contained in:
Rong Zhang 2018-08-07 17:46:01 +08:00 committed by GitHub
commit c288ffc55d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 47 additions and 0 deletions

View file

@ -75,6 +75,12 @@ controllerManagerExtraArgs:
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }} node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
node-monitor-period: {{ kube_controller_node_monitor_period }} node-monitor-period: {{ kube_controller_node_monitor_period }}
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }} pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
controllerManagerExtraVolumes:
- name: openstackcacert
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
{% endif %}
{% if kube_feature_gates %} {% if kube_feature_gates %}
feature-gates: {{ kube_feature_gates|join(',') }} feature-gates: {{ kube_feature_gates|join(',') }}
{% endif %} {% endif %}

View file

@ -94,6 +94,11 @@ spec:
- mountPath: "{{ kube_config_dir }}/cloud_config" - mountPath: "{{ kube_config_dir }}/cloud_config"
name: cloudconfig name: cloudconfig
readOnly: true readOnly: true
{% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
- mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
name: openstackcacert
readOnly: true
{% endif %} {% endif %}
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
@ -115,3 +120,8 @@ spec:
path: "{{ kube_config_dir }}/cloud_config" path: "{{ kube_config_dir }}/cloud_config"
name: cloudconfig name: cloudconfig
{% endif %} {% endif %}
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
- hostPath:
path: "{{ kube_config_dir }}/openstack-cacert.pem"
name: openstackcacert
{% endif %}

View file

@ -114,6 +114,7 @@ openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_
openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}"
openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}" openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}" openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
openstack_cacert: "{{ lookup('env','OS_CACERT') }}"
# For the vsphere integration, kubelet will need credentials to access # For the vsphere integration, kubelet will need credentials to access
# vsphere apis # vsphere apis

View file

@ -12,6 +12,9 @@ domain-name="{{ openstack_domain_name }}"
{% elif openstack_domain_id is defined and openstack_domain_id != "" %} {% elif openstack_domain_id is defined and openstack_domain_id != "" %}
domain-id ="{{ openstack_domain_id }}" domain-id ="{{ openstack_domain_id }}"
{% endif %} {% endif %}
{% if openstack_cacert is defined and openstack_cacert != "" %}
ca-file="{{ kube_config_dir }}/openstack-cacert.pem"
{% endif %}
{% if openstack_blockstorage_version is defined %} {% if openstack_blockstorage_version is defined %}
[BlockStorage] [BlockStorage]

View file

@ -311,3 +311,30 @@
- ansible_distribution in ["CentOS","RedHat"] - ansible_distribution in ["CentOS","RedHat"]
tags: tags:
- bootstrap-os - bootstrap-os
- name: Write cacert file
copy:
content: "{{ openstack_cacert }}"
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
group: "{{ kube_cert_group }}"
mode: 0640
when:
- inventory_hostname in groups['k8s-cluster']
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
- openstack_cacert is defined
tags:
- cloud-provider
- name: Write cloud-config
template:
src: "{{ cloud_provider }}-cloud-config.j2"
dest: "{{ kube_config_dir }}/cloud_config"
group: "{{ kube_cert_group }}"
mode: 0640
when:
- inventory_hostname in groups['k8s-cluster']
- cloud_provider is defined
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
tags:
- cloud-provider