epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-09 03:37:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Generate individual certificates for k8s hosts

Browse Source
This commit is contained in:
Matthew Mosesohn
2016-12-27 14:02:45 +03:00
parent 3b0918981e
commit 3f274115b0
6 changed files with 101 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View File

@@ -35,10 +35,10 @@ spec:
- --service-node-port-range={{ kube_apiserver_node_port_range }}
- --client-ca-file={{ kube_cert_dir }}/ca.pem
- --basic-auth-file={{ kube_users_dir }}/known_users.csv
- --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
- --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --tls-cert-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}.pem
- --tls-private-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
- --token-auth-file={{ kube_token_dir }}/known_tokens.csv
- --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --service-account-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
- --secure-port={{ kube_apiserver_port }}
- --insecure-port={{ kube_apiserver_insecure_port }}
{% if kube_api_runtime_config is defined %}

2
roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
View File

@@ -23,7 +23,7 @@ spec:
- controller-manager
- --master={{ kube_apiserver_endpoint }}
- --leader-elect=true
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
- --service-account-private-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
- --root-ca-file={{ kube_cert_dir }}/ca.pem
- --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
- --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem