epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 05:45:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix(ssl-ca): mount ssl ca directories (#9794)

Browse Source 
Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
This commit is contained in:
Maxime Leroy
2023-05-29 04:43:42 +02:00
committed by GitHub
parent 8c32be5feb
commit 29f833e9a4
3 changed files with 51 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-controllerplugin.yml.j2
View File

@@ -133,6 +133,13 @@ spec:
- name: ca-certs - name: ca-certs
mountPath: /etc/ssl/certs mountPath: /etc/ssl/certs
readOnly: true readOnly: true
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %} {% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert - name: cinder-cacert
mountPath: {{ kube_config_dir }}/cinder-cacert.pem mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -148,6 +155,14 @@ spec:
hostPath: hostPath:
path: /etc/ssl/certs path: /etc/ssl/certs
type: DirectoryOrCreate type: DirectoryOrCreate
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
type: DirectoryOrCreate
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %} {% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert - name: cinder-cacert
hostPath: hostPath:

15
roles/kubernetes-apps/csi_driver/cinder/templates/cinder-csi-nodeplugin.yml.j2
View File

@@ -89,6 +89,13 @@ spec:
- name: ca-certs - name: ca-certs
mountPath: /etc/ssl/certs mountPath: /etc/ssl/certs
readOnly: true readOnly: true
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %} {% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert - name: cinder-cacert
mountPath: {{ kube_config_dir }}/cinder-cacert.pem mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@@ -118,6 +125,14 @@ spec:
hostPath: hostPath:
path: /etc/ssl/certs path: /etc/ssl/certs
type: DirectoryOrCreate type: DirectoryOrCreate
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
type: DirectoryOrCreate
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %} {% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert - name: cinder-cacert
hostPath: hostPath:

27
roles/kubernetes-apps/external_cloud_controller/openstack/templates/external-openstack-cloud-controller-manager-ds.yml.j2
View File

@@ -57,6 +57,13 @@ spec:
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl/certs
name: ca-certs name: ca-certs
readOnly: true readOnly: true
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
- mountPath: /etc/config/cloud.conf - mountPath: /etc/config/cloud.conf
name: cloud-config-volume name: cloud-config-volume
readOnly: true readOnly: true
@@ -78,19 +85,27 @@ spec:
hostNetwork: true hostNetwork: true
volumes: volumes:
{% if kubelet_flexvolumes_plugins_dir is defined %} {% if kubelet_flexvolumes_plugins_dir is defined %}
- hostPath: - name: flexvolume-dir
hostPath:
path: "{{ kubelet_flexvolumes_plugins_dir }}" path: "{{ kubelet_flexvolumes_plugins_dir }}"
type: DirectoryOrCreate type: DirectoryOrCreate
name: flexvolume-dir
{% endif %} {% endif %}
- hostPath: - name: k8s-certs
hostPath:
path: /etc/kubernetes/pki path: /etc/kubernetes/pki
type: DirectoryOrCreate type: DirectoryOrCreate
name: k8s-certs - name: ca-certs
- hostPath: hostPath:
path: /etc/ssl/certs path: /etc/ssl/certs
type: DirectoryOrCreate type: DirectoryOrCreate
name: ca-certs {% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
type: DirectoryOrCreate
{% endfor %}
{% endif %}
- name: cloud-config-volume - name: cloud-config-volume
secret: secret:
secretName: external-openstack-cloud-config secretName: external-openstack-cloud-config