External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-01-20 06:01:28 -03:30
Code Issues Packages Projects Releases Wiki Activity

Updating CN for node certs generated by vault (#1622)

Browse Source 
This allows the node authorization plugin to function correctly
This commit is contained in:
Brad Beam 2017-09-06 02:55:08 -05:00 committed by Matthew Mosesohn
parent 4c88ac69f2
commit a341adb7f3
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kubernetes/secrets/tasks/gen_certs_vault.yml
View File

@ -65,7 +65,9 @@
# Issue node certs to k8s-cluster nodes
- include: ../../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "system:node:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}"
# Need to strip out the 'node-' prefix from the cert name so it can be used
# with the node authorization plugin ( CN matches kubelet node name )
issue_cert_common_name: "system:node:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] | regex_replace('^node-', '') }}"
issue_cert_copy_ca: "{{ item == kube_node_certs_needed|first }}"
issue_cert_file_group: "{{ kube_cert_group }}"
issue_cert_file_owner: kube