epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-07 02:27:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Use dedicated front-proxy-ca for front-proxy-client

Browse Source
This commit is contained in:
Chad Swenson
2018-04-05 14:32:12 -05:00
parent a6a47dbc96
commit d87b6fd9f3
12 changed files with 73 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/kubernetes/secrets/tasks/check-certs.yml
View File

@@ -48,6 +48,8 @@
'{{ kube_cert_dir }}/kube-scheduler-key.pem',
'{{ kube_cert_dir }}/kube-controller-manager.pem',
'{{ kube_cert_dir }}/kube-controller-manager-key.pem',
'{{ kube_cert_dir }}/front-proxy-ca.pem',
'{{ kube_cert_dir }}/front-proxy-ca-key.pem',
'{{ kube_cert_dir }}/front-proxy-client.pem',
'{{ kube_cert_dir }}/front-proxy-client-key.pem',
'{{ kube_cert_dir }}/service-account-key.pem',
@@ -72,6 +74,7 @@
{% for cert in ['apiserver.pem', 'apiserver-key.pem',
'kube-scheduler.pem','kube-scheduler-key.pem',
'kube-controller-manager.pem','kube-controller-manager-key.pem',
'front-proxy-ca.pem','front-proxy-ca-key.pem',
'front-proxy-client.pem','front-proxy-client-key.pem',
'service-account-key.pem'] -%}
{% set cert_file = "%s/%s.pem"|format(kube_cert_dir, cert) %}