Use only one certificate for all apiservers

https://github.com/kubernetes/kubernetes/issues/25063
2026-03-09 19:58:07 +03:00 · 2017-01-13 14:03:20 +03:00
parent e88c10670e
commit 80703010bd
4 changed files with 17 additions and 14 deletions
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -23,7 +23,7 @@ spec:
    - controller-manager
    - --master={{ kube_apiserver_endpoint }}
    - --leader-elect=true
-    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-{{ inventory_hostname }}-key.pem
+    - --service-account-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
    - --root-ca-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-cert-file={{ kube_cert_dir }}/ca.pem
    - --cluster-signing-key-file={{ kube_cert_dir }}/ca-key.pem