Use only one certificate for all apiservers

https://github.com/kubernetes/kubernetes/issues/25063
2026-03-09 19:58:07 +03:00 · 2017-01-13 14:03:20 +03:00
parent e88c10670e
commit 80703010bd
4 changed files with 17 additions and 14 deletions
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -35,10 +35,10 @@ spec:
    - --service-node-port-range={{ kube_apiserver_node_port_range }}
    - --client-ca-file={{ kube_cert_dir }}/ca.pem
    - --basic-auth-file={{ kube_users_dir }}/known_users.csv
-    - --tls-cert-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}.pem
-    - --tls-private-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
+    - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
+    - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
    - --token-auth-file={{ kube_token_dir }}/known_tokens.csv
-    - --service-account-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
+    - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
    - --secure-port={{ kube_apiserver_port }}
    - --insecure-port={{ kube_apiserver_insecure_port }}
 {% if kube_api_runtime_config is defined %}