9b96fd7f5f
This commit aims to enable the scheduler and controller-manager to
access the proper {{ kube_api_endpoint }}, instead of the
unauthenticated localhost port. Two aditionnal certs are generated
on master nodes, and kubeconfig files are added for both pods.
18 lines
551 B
Django/Jinja
18 lines
551 B
Django/Jinja
apiVersion: v1
|
|
kind: Config
|
|
clusters:
|
|
- name: local
|
|
cluster:
|
|
certificate-authority: {{ kube_cert_dir }}/ca.pem
|
|
server: {{ kube_apiserver_endpoint }}
|
|
users:
|
|
- name: controller-manager
|
|
user:
|
|
client-certificate: {{ kube_cert_dir }}/controller-manager-{{ inventory_hostname }}.pem
|
|
client-key: {{ kube_cert_dir }}/controller-manager-{{ inventory_hostname }}-key.pem
|
|
contexts:
|
|
- context:
|
|
cluster: local
|
|
user: controller-manager
|
|
name: controller-manager-{{ cluster_name }}
|
|
current-context: controller-manager-{{ cluster_name }}
|