From a94a407a4312138842c944f8bb60f90a0154399f Mon Sep 17 00:00:00 2001 From: woopstar Date: Tue, 20 Mar 2018 12:08:34 +0100 Subject: [PATCH 1/2] Fix duplicate --proxy-client-cert-file and --proxy-client-key-file --- .../master/templates/manifests/kube-apiserver.manifest.j2 | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 index c1685410d..4f8bb6d4f 100644 --- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 +++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 @@ -57,8 +57,6 @@ spec: {% endif %} - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem - - --proxy-client-cert-file={{ kube_cert_dir }}/apiserver.pem - - --proxy-client-key-file={{ kube_cert_dir }}/apiserver-key.pem {% if kube_token_auth|default(true) %} - --token-auth-file={{ kube_token_dir }}/known_tokens.csv {% endif %} From 9d540165c0416d4e078cd2af2b2fc0b849aa6207 Mon Sep 17 00:00:00 2001 From: woopstar Date: Tue, 20 Mar 2018 16:28:01 +0100 Subject: [PATCH 2/2] Set kube_api_aggregator_routing to default false as we use kube-proxy --- roles/kubespray-defaults/defaults/main.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index b0203676d..a907beddd 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -128,7 +128,7 @@ kube_apiserver_insecure_bind_address: 127.0.0.1 kube_apiserver_insecure_port: 8080 # Aggregator -kube_api_aggregator_routing: true +kube_api_aggregator_routing: false # Path used to store Docker data docker_daemon_graph: "/var/lib/docker"