External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-12 03:47:38 -02:30
Code Issues Packages Projects Releases Wiki Activity

Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault

Browse Source
This commit is contained in:
woopstar
2018-02-07 09:50:08 +01:00
committed by Andreas Kruger
parent b2d30d68e7
commit 4dab92ce69
7 changed files with 34 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
roles/kubernetes/master/templates/kubeadm-config.yaml.j2
View File

@@ -54,6 +54,16 @@ apiServerExtraArgs:
runtime-config: {{ kube_api_runtime_config | join(',') }}
{% endif %}
allow-privileged: "true"
{% if kube_version | version_compare('1.9', '>=') %}
requestheader-client-ca-file: "{{ kube_cert_dir }}/ca.pem"
requestheader-allowed-names: "{{ kube_api_requestheader_allowed_names }}"
requestheader-extra-headers-prefix: "X-Remote-Extra-"
requestheader-group-headers: "X-Remote-Group"
requestheader-username-headers: "X-Remote-User"
enable-aggregator-routing: "{{ kube_api_aggregator_routing }}"
proxy-client-cert-file: "{{ kube_cert_dir }}/front-proxy-client.pem"
proxy-client-key-file: "{{ kube_cert_dir }}/front-proxy-client-key.pem"
{% endif %}
controllerManagerExtraArgs:
node-monitor-grace-period: {{ kube_controller_node_monitor_grace_period }}
node-monitor-period: {{ kube_controller_node_monitor_period }}

12
roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
View File

@@ -101,14 +101,14 @@ spec:
- --feature-gates={{ kube_feature_gates|join(',') }}
{% endif %}
{% if kube_version | version_compare('1.9', '>=') %}
- --requestheader-client-ca-file=/etc/kubernetes/ssl/ca.pem
- --requestheader-allowed-names=system:aggregator-proxy-client
- "--requestheader-extra-headers-prefix=X-Remote-Extra-"
- --requestheader-client-ca-file={{ kube_cert_dir }}/ca.pem
- --requestheader-allowed-names={{ kube_api_requestheader_allowed_names }}
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --enable-aggregator-routing=true
- --proxy-client-cert-file=/etc/kubernetes/ssl/aggregator-proxy-client.pem
- --proxy-client-key-file=/etc/kubernetes/ssl/aggregator-proxy-client-key.pem
- --enable-aggregator-routing={{ kube_api_aggregator_routing }}
- --proxy-client-cert-file={{ kube_cert_dir }}/front-proxy-client.pem
- --proxy-client-key-file={{ kube_cert_dir }}/front-proxy-client-key.pem
{% endif %}
{% if apiserver_custom_flags is string %}
- {{ apiserver_custom_flags }}