Generate individual certificates for k8s hosts

2026-03-09 19:58:07 +03:00 · 2016-12-27 14:02:45 +03:00
parent 3b0918981e
commit 3f274115b0
6 changed files with 101 additions and 39 deletions
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -23,7 +23,7 @@ spec:
    - controller-manager
    - --master={{ kube_apiserver_endpoint }}
    - --leader-elect=true
-    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
+    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
    - --root-ca-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem