kubespray: fix missing ca-certificate path in apiserver

2026-03-09 11:47:47 +03:00 · 2018-12-27 18:15:37 +01:00
parent 5a7ac7e5c1
commit 83e11f9ef7
4 changed files with 36 additions and 4 deletions
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
@@ -121,7 +121,7 @@ apiServer:
 {% elif cloud_provider is defined and cloud_provider in ["external"] %}
    cloud-config: {{ kube_config_dir }}/cloud_config
 {% endif %}
-{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes %}
+{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
  extraVolumes:
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws", "external"] %}
  - name: cloud-config
@@ -160,6 +160,14 @@ apiServer:
    mountPath: {{ volume.mountPath }}
    readOnly: {{ volume.readOnly | d(not (volume.writable | d(false))) }}
 {% endfor %}
+{% if ssl_ca_dirs|length %}
+{% for dir in ssl_ca_dirs %}
+  - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
+    hostPath: {{ dir }}
+    mountPath: {{ dir }}
+    readOnly: true
+{% endfor %}
+{% endif %}
 {% endif %}
  certSANs:
 {% for san in apiserver_sans.split() | unique %}