Fix #4237: update kube cert path (#4354)

This commit is contained in:
Dmitry Chepurovskiy 2019-03-18 09:55:11 +03:00 committed by Kubernetes Prow Robot
parent 38009a215a
commit ea7a6f1cf1
9 changed files with 15 additions and 11 deletions

View file

@ -412,13 +412,13 @@ sudo route add -net [internal-subnet]/24 gw [router-ip]
```
3. List Kubernetes certificates & keys:
```
ssh [os-user]@[master-ip] sudo ls /etc/kubernetes/ssl/
ssh [os-user]@[master-ip] sudo ls /etc/kubernetes/pki/
```
4. Get `admin`'s certificates and keys:
```
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/ssl/admin-kube-master-1-key.pem > admin-key.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/ssl/admin-kube-master-1.pem > admin.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/ssl/ca.pem > ca.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/pki/admin-kube-master-k8s-master-1-key.pem > admin-key.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/pki/admin-kube-master-k8s-master-1.pem > admin.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/pki/ca.pem > ca.pem
```
5. Configure kubectl:
```ShellSession

View file

@ -114,7 +114,7 @@ vault_client_headers:
Content-Type: "application/json"
etcd_cert_dir: /etc/ssl/etcd/ssl
kube_cert_dir: /etc/kubernetes/ssl
kube_cert_dir: /etc/kubernetes/pki
vault_pki_mounts:
userpass:

View file

@ -76,8 +76,8 @@ generated elsewhere, you'll need to copy the certificate and key to the hosts in
* ``/etc/ssl/etcd/ssl/ca.pem``
* ``/etc/ssl/etcd/ssl/ca-key.pem``
* kubernetes:
* ``/etc/kubernetes/ssl/ca.pem``
* ``/etc/kubernetes/ssl/ca-key.pem``
* ``/etc/kubernetes/pki/ca.pem``
* ``/etc/kubernetes/pki/ca-key.pem``
Additional Notes:

View file

@ -8,7 +8,9 @@ kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests"
# This is where all the cert scripts and certs will be located
kube_cert_dir: "{{ kube_config_dir }}/ssl"
# For old version of k8s next line should be used instead
# kube_cert_dir: "{{ kube_config_dir }}/ssl"
kube_cert_dir: "{{ kube_config_dir }}/pki"
# This is where all of the bearer tokens will be stored
kube_token_dir: "{{ kube_config_dir }}/tokens"

View file

@ -4,4 +4,5 @@ kubectl_localhost: false
artifacts_dir: "{{ inventory_dir }}/artifacts"
kube_config_dir: "/etc/kubernetes"
kube_cert_dir: "{{ kube_config_dir }}/pki"
kube_apiserver_port: "6443"

View file

@ -49,7 +49,7 @@
kubeconfig user
--client-name kubernetes-admin
--org system:masters
--cert-dir {{ kube_config_dir }}/ssl
--cert-dir {{ kube_cert_dir }}
--apiserver-advertise-address {{ external_apiserver_address }}
--apiserver-bind-port {{ external_apiserver_port }}
run_once: yes

View file

@ -71,7 +71,7 @@
tags: facts
- name: kubeadm | Copy etcd cert dir under k8s cert dir
command: "cp -TR {{ etcd_cert_dir }} {{ kube_config_dir }}/ssl/etcd"
command: "cp -TR {{ etcd_cert_dir }} {{ kube_cert_dir }}/etcd"
changed_when: false
- name: Create audit-policy directory

View file

@ -25,6 +25,7 @@ disable_ipv6_dns: false
kube_cert_group: kube-cert
kube_config_dir: /etc/kubernetes
kube_cert_dir: "{{ kube_config_dir }}/pki"
# Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content
# for hostnet pods and infra needs

View file

@ -93,7 +93,7 @@ kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests"
# This is where all the cert scripts and certs will be located
kube_cert_dir: "{{ kube_config_dir }}/ssl"
kube_cert_dir: "{{ kube_config_dir }}/pki"
# This is where all of the bearer tokens will be stored
kube_token_dir: "{{ kube_config_dir }}/tokens"