Merge pull request #3949 from trogeat/patch-fix-missing-ca-cert-apiserver

kubespray: fix missing ca-certificate path in apiserver
2026-03-09 19:58:07 +03:00 · 2019-02-11 15:40:04 -06:00
parent 5d146e52fe 83e11f9ef7
commit 038a2eb862
4 changed files with 36 additions and 4 deletions
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
@@ -155,7 +155,7 @@ controllerManagerExtraVolumes:
  mountPath: {{ kube_config_dir }}/cloud_config
 {% endif %}
 {% endif %}
-{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) %}
+{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ssl_ca_dirs|length %}
 apiServerExtraVolumes:
 {% if kube_basic_auth|default(true) %}
 - name: basic-auth-config
@@ -183,6 +183,14 @@ apiServerExtraVolumes:
  writable: true
 {% endif %}
 {% endif %}
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+  hostPath: {{ dir }}
+  mountPath: {{ dir }}
+  writable: false
+{% endfor %}
+{% endif %}
 {% endif %}
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
 - name: cloud-config