epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-28 09:39:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

add encryptionAlgorithm for ClusterConfigration (#11751)

Browse Source 
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
This commit is contained in:
ERIK
2024-11-28 16:28:59 +08:00
committed by GitHub
parent e1ab3122c8
commit 9f01effadc
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/kubernetes/control-plane/defaults/main/main.yml
View File

@@ -236,3 +236,8 @@ kube_apiserver_tracing_sampling_rate_per_million: 100
# Enable kubeadm file discovery if anonymous access has been removed # Enable kubeadm file discovery if anonymous access has been removed
kubeadm_use_file_discovery: "{{ remove_anonymous_access }}" kubeadm_use_file_discovery: "{{ remove_anonymous_access }}"
# Supported asymmetric encryption algorithm types for the cluster's keys and certificates.
# can be one of RSA-2048(default), RSA-3072, RSA-4096, ECDSA-P256
# ref: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-ClusterConfiguration
kube_asymmetric_encryption_algorithm: "RSA-2048"

1
roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
View File

@@ -37,6 +37,7 @@ patches:
apiVersion: kubeadm.k8s.io/v1beta4 apiVersion: kubeadm.k8s.io/v1beta4
kind: ClusterConfiguration kind: ClusterConfiguration
clusterName: {{ cluster_name }} clusterName: {{ cluster_name }}
encryptionAlgorithm: {{ kube_asymmetric_encryption_algorithm }}
etcd: etcd:
{% if etcd_deployment_type != "kubeadm" %} {% if etcd_deployment_type != "kubeadm" %}
external: external: