Merge pull request #2342 from southquist/add-ca-cert
allow for setting the cacert on openstack cloud provider
commit
c288ffc55d
5 changed files with 47 additions and 0 deletions
|
@ -75,6 +75,12 @@ controllerManagerExtraArgs:
|
||||||
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
|
||||||
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
node-monitor-period: {{ kube_controller_node_monitor_period }}
|
||||||
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
pod-eviction-timeout: {{ kube_controller_pod_eviction_timeout }}
|
||||||
|
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||||
|
controllerManagerExtraVolumes:
|
||||||
|
- name: openstackcacert
|
||||||
|
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
|
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
|
{% endif %}
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
feature-gates: {{ kube_feature_gates|join(',') }}
|
feature-gates: {{ kube_feature_gates|join(',') }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
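Review bot: The new `controllerManagerExtraVolumes` guard tests only `openstack_cacert is defined`, whereas the cloud-config template in this commit also requires `openstack_cacert != ""`. The default added in this commit is an `env` lookup, which as far as I know yields an empty string when `OS_CACERT` is unset, so the variable is always defined and the volume would be mounted on every OpenStack deployment, including ones with no CA configured. I would align the guard with the template: `{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined and openstack_cacert != "" %}`. The same condition appears in both hunks of the controller-manager manifest and in the `when:` list of the `Write cacert file` task.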
@ -94,6 +94,11 @@ spec:
|
||||||
- mountPath: "{{ kube_config_dir }}/cloud_config"
|
- mountPath: "{{ kube_config_dir }}/cloud_config"
|
||||||
name: cloudconfig
|
name: cloudconfig
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
{% endif %}
|
||||||
|
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||||
|
- mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
|
name: openstackcacert
|
||||||
|
readOnly: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ssl-certs-host
|
- name: ssl-certs-host
|
||||||
|
@ -115,3 +120,8 @@ spec:
|
||||||
path: "{{ kube_config_dir }}/cloud_config"
|
path: "{{ kube_config_dir }}/cloud_config"
|
||||||
name: cloudconfig
|
name: cloudconfig
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if cloud_provider is defined and cloud_provider in ["openstack"] and openstack_cacert is defined %}
|
||||||
|
- hostPath:
|
||||||
|
path: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
|
name: openstackcacert
|
||||||
|
{% endif %}
|
||||||
|
|
|
@ -114,6 +114,7 @@ openstack_tenant_id: "{{ lookup('env','OS_TENANT_ID')| default(lookup('env','OS_
|
||||||
openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}"
|
openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}"
|
||||||
openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
|
openstack_domain_name: "{{ lookup('env','OS_USER_DOMAIN_NAME') }}"
|
||||||
openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
|
openstack_domain_id: "{{ lookup('env','OS_USER_DOMAIN_ID') }}"
|
||||||
|
openstack_cacert: "{{ lookup('env','OS_CACERT') }}"
|
||||||
|
|
||||||
# For the vsphere integration, kubelet will need credentials to access
|
# For the vsphere integration, kubelet will need credentials to access
|
||||||
# vsphere apis
|
# vsphere apis
|
||||||
|
|
|
@ -12,6 +12,9 @@ domain-name="{{ openstack_domain_name }}"
|
||||||
{% elif openstack_domain_id is defined and openstack_domain_id != "" %}
|
{% elif openstack_domain_id is defined and openstack_domain_id != "" %}
|
||||||
domain-id ="{{ openstack_domain_id }}"
|
domain-id ="{{ openstack_domain_id }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if openstack_cacert is defined and openstack_cacert != "" %}
|
||||||
|
ca-file="{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% if openstack_blockstorage_version is defined %}
|
{% if openstack_blockstorage_version is defined %}
|
||||||
[BlockStorage]
|
[BlockStorage]
|
||||||
|
|
|
@ -311,3 +311,30 @@
|
||||||
- ansible_distribution in ["CentOS","RedHat"]
|
- ansible_distribution in ["CentOS","RedHat"]
|
||||||
tags:
|
tags:
|
||||||
- bootstrap-os
|
- bootstrap-os
|
||||||
|
|
||||||
|
- name: Write cacert file
|
||||||
|
copy:
|
||||||
|
content: "{{ openstack_cacert }}"
|
||||||
|
dest: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
|
group: "{{ kube_cert_group }}"
|
||||||
|
mode: 0640
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups['k8s-cluster']
|
||||||
|
- cloud_provider is defined
|
||||||
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
||||||
|
- openstack_cacert is defined
|
||||||
|
tags:
|
||||||
|
- cloud-provider
|
||||||
|
|
||||||
|
- name: Write cloud-config
|
||||||
|
template:
|
||||||
|
src: "{{ cloud_provider }}-cloud-config.j2"
|
||||||
|
dest: "{{ kube_config_dir }}/cloud_config"
|
||||||
|
group: "{{ kube_cert_group }}"
|
||||||
|
mode: 0640
|
||||||
|
when:
|
||||||
|
- inventory_hostname in groups['k8s-cluster']
|
||||||
|
- cloud_provider is defined
|
||||||
|
- cloud_provider in [ 'openstack', 'azure', 'vsphere' ]
|
||||||
|
tags:
|
||||||
|
- cloud-provider
|
||||||
|
|
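Review bot: `Write cacert file` passes `openstack_cacert` to `copy: content:`, but the default for that variable comes from `OS_CACERT`, which OpenStack clients conventionally treat as a path to a CA bundle rather than the PEM text. If it is a path here, `openstack-cacert.pem` would contain the path string and the `ca-file` setting would point at a file that is not a certificate, so TLS verification against the OpenStack API would fail. If a path is intended, use `src: "{{ openstack_cacert }}"` instead of `content:`, or document that the variable must hold the PEM body. The task's `when:` list also admits `azure` and `vsphere` although the file is OpenStack-specific; `- cloud_provider == 'openstack'` would match the template guards. Quoting the mode as `mode: "0640"` on both tasks avoids depending on how the YAML parser reads a leading-zero integer.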