mirror of https://github.com/kubernetes/kops.git
Merge pull request #11847 from johngmyers/kcm-ca
Refactor kube-controller-manager secrets
commit
948a7a9ee1
|
|
@ -50,9 +50,15 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
pathSrvKCM := filepath.Join(b.PathSrvKubernetes(), "kube-controller-manager")
|
||||
|
||||
// Include the CA Key
|
||||
// @TODO: use a per-machine key? use KMS?
|
||||
if err := b.BuildPrivateKeyTask(c, fi.CertificateIDCA, "ca.key", nil); err != nil {
|
||||
if err := b.BuildCertificatePairTask(c, fi.CertificateIDCA, pathSrvKCM, "ca", nil); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := b.BuildPrivateKeyTask(c, "service-account", filepath.Join(pathSrvKCM, "service-account.key"), nil); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -100,10 +106,12 @@ func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error {
|
|||
|
||||
// buildPod is responsible for building the kubernetes manifest for the controller-manager
|
||||
func (b *KubeControllerManagerBuilder) buildPod() (*v1.Pod, error) {
|
||||
pathSrvKubernetes := b.PathSrvKubernetes()
|
||||
pathSrvKCM := filepath.Join(pathSrvKubernetes, "kube-controller-manager")
|
||||
|
||||
kcm := b.Cluster.Spec.KubeControllerManager
|
||||
kcm.RootCAFile = filepath.Join(b.PathSrvKubernetes(), "ca.crt")
|
||||
kcm.ServiceAccountPrivateKeyFile = filepath.Join(b.PathSrvKubernetes(), "service-account.key")
|
||||
kcm.RootCAFile = filepath.Join(pathSrvKubernetes, "ca.crt")
|
||||
kcm.ServiceAccountPrivateKeyFile = filepath.Join(pathSrvKCM, "service-account.key")
|
||||
|
||||
flags, err := flagbuilder.BuildFlagsList(kcm)
|
||||
if err != nil {
|
||||
|
|
@ -120,8 +128,8 @@ func (b *KubeControllerManagerBuilder) buildPod() (*v1.Pod, error) {
|
|||
|
||||
// Configure CA certificate to be used to sign keys
|
||||
flags = append(flags, []string{
|
||||
"--cluster-signing-cert-file=" + filepath.Join(b.PathSrvKubernetes(), "ca.crt"),
|
||||
"--cluster-signing-key-file=" + filepath.Join(b.PathSrvKubernetes(), "ca.key")}...)
|
||||
"--cluster-signing-cert-file=" + filepath.Join(pathSrvKCM, "ca.crt"),
|
||||
"--cluster-signing-key-file=" + filepath.Join(pathSrvKCM, "ca.key")}...)
|
||||
|
||||
pod := &v1.Pod{
|
||||
TypeMeta: metav1.TypeMeta{
|
||||
|
|
@ -210,10 +218,9 @@ func (b *KubeControllerManagerBuilder) buildPod() (*v1.Pod, error) {
|
|||
addHostPathMapping(pod, container, "cloudconfig", CloudConfigFilePath)
|
||||
}
|
||||
|
||||
pathSrvKubernetes := b.PathSrvKubernetes()
|
||||
if pathSrvKubernetes != "" {
|
||||
addHostPathMapping(pod, container, "srvkube", pathSrvKubernetes)
|
||||
}
|
||||
addHostPathMapping(pod, container, "cabundle", filepath.Join(pathSrvKubernetes, "ca.crt"))
|
||||
|
||||
addHostPathMapping(pod, container, "srvkcm", pathSrvKCM)
|
||||
|
||||
addHostPathMapping(pod, container, "varlibkcm", "/var/lib/kube-controller-manager")
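Review bot: The new `cabundle` mapping in buildPod bind-mounts the single file `ca.crt` instead of a directory, and a file-level hostPath mount stays tied to the inode that existed when the container started. If that file is ever replaced by rename rather than rewritten in place (for example during CA rotation; how nodeup writes it is not visible here), kube-controller-manager would keep reading the old bundle for `--root-ca-file` until the pod restarts. Either note next to the mapping that a restart is required after the bundle changes, or mount a directory that holds only the bundle. Separately, the comment in Build still reads `// Include the CA Key`, although the fixtures show `BuildCertificatePairTask` placing both `ca.crt` and `ca.key` under `pathSrvKCM`; I would change it to `// Include the CA certificate and private key used for cluster signing`. Both functions continue outside the hunks shown.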
|
||||
|
||||
|
|
|
|||
|
|
@ -18,14 +18,14 @@ contents: |
|
|||
- --cloud-provider=aws
|
||||
- --cluster-cidr=100.96.0.0/11
|
||||
- --cluster-name=minimal.example.com
|
||||
- --cluster-signing-cert-file=/srv/kubernetes/ca.crt
|
||||
- --cluster-signing-key-file=/srv/kubernetes/ca.key
|
||||
- --cluster-signing-cert-file=/srv/kubernetes/kube-controller-manager/ca.crt
|
||||
- --cluster-signing-key-file=/srv/kubernetes/kube-controller-manager/ca.key
|
||||
- --configure-cloud-routes=true
|
||||
- --flex-volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/
|
||||
- --kubeconfig=/var/lib/kube-controller-manager/kubeconfig
|
||||
- --leader-elect=true
|
||||
- --root-ca-file=/srv/kubernetes/ca.crt
|
||||
- --service-account-private-key-file=/srv/kubernetes/service-account.key
|
||||
- --service-account-private-key-file=/srv/kubernetes/kube-controller-manager/service-account.key
|
||||
- --use-service-account-credentials=true
|
||||
- --v=2
|
||||
- --logtostderr=false
|
||||
|
|
@ -79,8 +79,11 @@ contents: |
|
|||
- mountPath: /etc/kubernetes/cloud.config
|
||||
name: cloudconfig
|
||||
readOnly: true
|
||||
- mountPath: /srv/kubernetes
|
||||
name: srvkube
|
||||
- mountPath: /srv/kubernetes/ca.crt
|
||||
name: cabundle
|
||||
readOnly: true
|
||||
- mountPath: /srv/kubernetes/kube-controller-manager
|
||||
name: srvkcm
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/kube-controller-manager
|
||||
name: varlibkcm
|
||||
|
|
@ -127,8 +130,11 @@ contents: |
|
|||
path: /etc/kubernetes/cloud.config
|
||||
name: cloudconfig
|
||||
- hostPath:
|
||||
path: /srv/kubernetes
|
||||
name: srvkube
|
||||
path: /srv/kubernetes/ca.crt
|
||||
name: cabundle
|
||||
- hostPath:
|
||||
path: /srv/kubernetes/kube-controller-manager
|
||||
name: srvkcm
|
||||
- hostPath:
|
||||
path: /var/lib/kube-controller-manager
|
||||
name: varlibkcm
|
||||
|
|
@ -139,6 +145,29 @@ contents: |
|
|||
path: /etc/kubernetes/manifests/kube-controller-manager.manifest
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
|
||||
FTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0xNzEyMjcyMzUyNDBaFw0yNzEyMjcy
|
||||
MzUyNDBaMBUxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQDgnCkSmtnmfxEgS3qNPaUCH5QOBGDH/inHbWCODLBCK9gd
|
||||
XEcBl7FVv8T2kFr1DYb0HVDtMI7tixRVFDLgkwNlW34xwWdZXB7GeoFgU1xWOQSY
|
||||
OACC8JgYTQ/139HBEvgq4sej67p+/s/SNcw34Kk7HIuFhlk1rRk5kMexKIlJBKP1
|
||||
YYUYetsJ/QpUOkqJ5HW4GoetE76YtHnORfYvnybviSMrh2wGGaN6r/s4ChOaIbZC
|
||||
An8/YiPKGIDaZGpj6GXnmXARRX/TIdgSQkLwt0aTDBnPZ4XvtpI8aaL8DYJIqAzA
|
||||
NPH2b4/uNylat5jDo0b0G54agMi97+2AUrC9UUXpAgMBAAGjIzAhMA4GA1UdDwEB
|
||||
/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBVGR2r
|
||||
hzXzRMU5wriPQAJScszNORvoBpXfZoZ09FIupudFxBVU3d4hV9StKnQgPSGA5XQO
|
||||
HE97+BxJDuA/rB5oBUsMBjc7y1cde/T6hmi3rLoEYBSnSudCOXJE4G9/0f8byAJe
|
||||
rN8+No1r2VgZvZh6p74TEkXv/l3HBPWM7IdUV0HO9JDhSgOVF1fyQKJxRuLJR8jt
|
||||
O6mPH2UX0vMwVa4jvwtkddqk2OAdYQvH9rbDjjbzaiW0KnmdueRo92KHAN7BsDZy
|
||||
VpXHpqo1Kzg7D3fpaXCf5si7lqqrdJVXH4JC72zxsPehqgi8eIuqOBkiDWmRxAxh
|
||||
8yGeRx9AbknHh4Ia
|
||||
-----END CERTIFICATE-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/kube-controller-manager/ca.crt
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH
|
||||
|
|
@ -168,7 +197,39 @@ contents: |
|
|||
Y/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/ca.key
|
||||
path: /srv/kubernetes/kube-controller-manager/ca.key
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH
|
||||
AZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMDZVt+McFnWVwexnqBYFNcVjkEmDgA
|
||||
gvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+CpOxyLhYZZNa0ZOZDHsSiJSQSj9WGF
|
||||
GHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m74kjK4dsBhmjeq/7OAoTmiG2QgJ/
|
||||
P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdGkwwZz2eF77aSPGmi/A2CSKgMwDTx
|
||||
9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF6QIDAQABAoIBAA0ktjaTfyrAxsTI
|
||||
Bezb7Zr5NBW55dvuII299cd6MJo+rI/TRYhvUv48kY8IFXp/hyUjzgeDLunxmIf9
|
||||
/Zgsoic9Ol44/g45mMduhcGYPzAAeCdcJ5OB9rR9VfDCXyjYLlN8H8iU0734tTqM
|
||||
0V13tQ9zdSqkGPZOIcq/kR/pylbOZaQMe97BTlsAnOMSMKDgnftY4122Lq3GYy+t
|
||||
vpr+bKVaQZwvkLoSU3rECCaKaghgwCyX7jft9aEkhdJv+KlwbsGY6WErvxOaLWHd
|
||||
cuMQjGapY1Fa/4UD00mvrA260NyKfzrp6+P46RrVMwEYRJMIQ8YBAk6N6Hh7dc0G
|
||||
8Z6i1m0CgYEA9HeCJR0TSwbIQ1bDXUrzpftHuidG5BnSBtax/ND9qIPhR/FBW5nj
|
||||
22nwLc48KkyirlfIULd0ae4qVXJn7wfYcuX/cJMLDmSVtlM5Dzmi/91xRiFgIzx1
|
||||
AsbBzaFjISP2HpSgL+e9FtSXaaqeZVrflitVhYKUpI/AKV31qGHf04sCgYEA6zTV
|
||||
99Sb49Wdlns5IgsfnXl6ToRttB18lfEKcVfjAM4frnkk06JpFAZeR+9GGKUXZHqs
|
||||
z2qcplw4d/moCC6p3rYPBMLXsrGNEUFZqBlgz72QA6BBq3X0Cg1Bc2ZbK5VIzwkg
|
||||
ST2SSux6ccROfgULmN5ZiLOtdUKNEZpFF3i3qtsCgYADT/s7dYFlatobz3kmMnXK
|
||||
sfTu2MllHdRys0YGHu7Q8biDuQkhrJwhxPW0KS83g4JQym+0aEfzh36bWcl+u6R7
|
||||
KhKj+9oSf9pndgk345gJz35RbPJYh+EuAHNvzdgCAvK6x1jETWeKf6btj5pF1U1i
|
||||
Q4QNIw/QiwIXjWZeubTGsQKBgQCbduLu2rLnlyyAaJZM8DlHZyH2gAXbBZpxqU8T
|
||||
t9mtkJDUS/KRiEoYGFV9CqS0aXrayVMsDfXY6B/S/UuZjO5u7LtklDzqOf1aKG3Q
|
||||
dGXPKibknqqJYH+bnUNjuYYNerETV57lijMGHuSYCf8vwLn3oxBfERRX61M/DU8Z
|
||||
worz/QKBgQDCTJI2+jdXg26XuYUmM4XXfnocfzAXhXBULt1nENcogNf1fcptAVtu
|
||||
BAiz4/HipQKqoWVUYmxfgbbLRKKLK0s0lOWKbYdVjhEm/m2ZU8wtXTagNwkIGoyq
|
||||
Y/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/kube-controller-manager/service-account.key
|
||||
type: file
|
||||
---
|
||||
contents:
|
||||
|
|
|
|||
|
|
@ -18,14 +18,14 @@ contents: |
|
|||
- --cloud-provider=aws
|
||||
- --cluster-cidr=100.96.0.0/11
|
||||
- --cluster-name=minimal.example.com
|
||||
- --cluster-signing-cert-file=/srv/kubernetes/ca.crt
|
||||
- --cluster-signing-key-file=/srv/kubernetes/ca.key
|
||||
- --cluster-signing-cert-file=/srv/kubernetes/kube-controller-manager/ca.crt
|
||||
- --cluster-signing-key-file=/srv/kubernetes/kube-controller-manager/ca.key
|
||||
- --configure-cloud-routes=true
|
||||
- --flex-volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/
|
||||
- --kubeconfig=/var/lib/kube-controller-manager/kubeconfig
|
||||
- --leader-elect=true
|
||||
- --root-ca-file=/srv/kubernetes/ca.crt
|
||||
- --service-account-private-key-file=/srv/kubernetes/service-account.key
|
||||
- --service-account-private-key-file=/srv/kubernetes/kube-controller-manager/service-account.key
|
||||
- --use-service-account-credentials=true
|
||||
- --v=2
|
||||
- --logtostderr=false
|
||||
|
|
@ -79,8 +79,11 @@ contents: |
|
|||
- mountPath: /etc/kubernetes/cloud.config
|
||||
name: cloudconfig
|
||||
readOnly: true
|
||||
- mountPath: /srv/kubernetes
|
||||
name: srvkube
|
||||
- mountPath: /srv/kubernetes/ca.crt
|
||||
name: cabundle
|
||||
readOnly: true
|
||||
- mountPath: /srv/kubernetes/kube-controller-manager
|
||||
name: srvkcm
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/kube-controller-manager
|
||||
name: varlibkcm
|
||||
|
|
@ -127,8 +130,11 @@ contents: |
|
|||
path: /etc/kubernetes/cloud.config
|
||||
name: cloudconfig
|
||||
- hostPath:
|
||||
path: /srv/kubernetes
|
||||
name: srvkube
|
||||
path: /srv/kubernetes/ca.crt
|
||||
name: cabundle
|
||||
- hostPath:
|
||||
path: /srv/kubernetes/kube-controller-manager
|
||||
name: srvkcm
|
||||
- hostPath:
|
||||
path: /var/lib/kube-controller-manager
|
||||
name: varlibkcm
|
||||
|
|
@ -139,6 +145,29 @@ contents: |
|
|||
path: /etc/kubernetes/manifests/kube-controller-manager.manifest
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
|
||||
FTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0xNzEyMjcyMzUyNDBaFw0yNzEyMjcy
|
||||
MzUyNDBaMBUxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQDgnCkSmtnmfxEgS3qNPaUCH5QOBGDH/inHbWCODLBCK9gd
|
||||
XEcBl7FVv8T2kFr1DYb0HVDtMI7tixRVFDLgkwNlW34xwWdZXB7GeoFgU1xWOQSY
|
||||
OACC8JgYTQ/139HBEvgq4sej67p+/s/SNcw34Kk7HIuFhlk1rRk5kMexKIlJBKP1
|
||||
YYUYetsJ/QpUOkqJ5HW4GoetE76YtHnORfYvnybviSMrh2wGGaN6r/s4ChOaIbZC
|
||||
An8/YiPKGIDaZGpj6GXnmXARRX/TIdgSQkLwt0aTDBnPZ4XvtpI8aaL8DYJIqAzA
|
||||
NPH2b4/uNylat5jDo0b0G54agMi97+2AUrC9UUXpAgMBAAGjIzAhMA4GA1UdDwEB
|
||||
/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBVGR2r
|
||||
hzXzRMU5wriPQAJScszNORvoBpXfZoZ09FIupudFxBVU3d4hV9StKnQgPSGA5XQO
|
||||
HE97+BxJDuA/rB5oBUsMBjc7y1cde/T6hmi3rLoEYBSnSudCOXJE4G9/0f8byAJe
|
||||
rN8+No1r2VgZvZh6p74TEkXv/l3HBPWM7IdUV0HO9JDhSgOVF1fyQKJxRuLJR8jt
|
||||
O6mPH2UX0vMwVa4jvwtkddqk2OAdYQvH9rbDjjbzaiW0KnmdueRo92KHAN7BsDZy
|
||||
VpXHpqo1Kzg7D3fpaXCf5si7lqqrdJVXH4JC72zxsPehqgi8eIuqOBkiDWmRxAxh
|
||||
8yGeRx9AbknHh4Ia
|
||||
-----END CERTIFICATE-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/kube-controller-manager/ca.crt
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH
|
||||
|
|
@ -168,7 +197,39 @@ contents: |
|
|||
Y/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/ca.key
|
||||
path: /srv/kubernetes/kube-controller-manager/ca.key
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH
|
||||
AZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMDZVt+McFnWVwexnqBYFNcVjkEmDgA
|
||||
gvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+CpOxyLhYZZNa0ZOZDHsSiJSQSj9WGF
|
||||
GHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m74kjK4dsBhmjeq/7OAoTmiG2QgJ/
|
||||
P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdGkwwZz2eF77aSPGmi/A2CSKgMwDTx
|
||||
9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF6QIDAQABAoIBAA0ktjaTfyrAxsTI
|
||||
Bezb7Zr5NBW55dvuII299cd6MJo+rI/TRYhvUv48kY8IFXp/hyUjzgeDLunxmIf9
|
||||
/Zgsoic9Ol44/g45mMduhcGYPzAAeCdcJ5OB9rR9VfDCXyjYLlN8H8iU0734tTqM
|
||||
0V13tQ9zdSqkGPZOIcq/kR/pylbOZaQMe97BTlsAnOMSMKDgnftY4122Lq3GYy+t
|
||||
vpr+bKVaQZwvkLoSU3rECCaKaghgwCyX7jft9aEkhdJv+KlwbsGY6WErvxOaLWHd
|
||||
cuMQjGapY1Fa/4UD00mvrA260NyKfzrp6+P46RrVMwEYRJMIQ8YBAk6N6Hh7dc0G
|
||||
8Z6i1m0CgYEA9HeCJR0TSwbIQ1bDXUrzpftHuidG5BnSBtax/ND9qIPhR/FBW5nj
|
||||
22nwLc48KkyirlfIULd0ae4qVXJn7wfYcuX/cJMLDmSVtlM5Dzmi/91xRiFgIzx1
|
||||
AsbBzaFjISP2HpSgL+e9FtSXaaqeZVrflitVhYKUpI/AKV31qGHf04sCgYEA6zTV
|
||||
99Sb49Wdlns5IgsfnXl6ToRttB18lfEKcVfjAM4frnkk06JpFAZeR+9GGKUXZHqs
|
||||
z2qcplw4d/moCC6p3rYPBMLXsrGNEUFZqBlgz72QA6BBq3X0Cg1Bc2ZbK5VIzwkg
|
||||
ST2SSux6ccROfgULmN5ZiLOtdUKNEZpFF3i3qtsCgYADT/s7dYFlatobz3kmMnXK
|
||||
sfTu2MllHdRys0YGHu7Q8biDuQkhrJwhxPW0KS83g4JQym+0aEfzh36bWcl+u6R7
|
||||
KhKj+9oSf9pndgk345gJz35RbPJYh+EuAHNvzdgCAvK6x1jETWeKf6btj5pF1U1i
|
||||
Q4QNIw/QiwIXjWZeubTGsQKBgQCbduLu2rLnlyyAaJZM8DlHZyH2gAXbBZpxqU8T
|
||||
t9mtkJDUS/KRiEoYGFV9CqS0aXrayVMsDfXY6B/S/UuZjO5u7LtklDzqOf1aKG3Q
|
||||
dGXPKibknqqJYH+bnUNjuYYNerETV57lijMGHuSYCf8vwLn3oxBfERRX61M/DU8Z
|
||||
worz/QKBgQDCTJI2+jdXg26XuYUmM4XXfnocfzAXhXBULt1nENcogNf1fcptAVtu
|
||||
BAiz4/HipQKqoWVUYmxfgbbLRKKLK0s0lOWKbYdVjhEm/m2ZU8wtXTagNwkIGoyq
|
||||
Y/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/kube-controller-manager/service-account.key
|
||||
type: file
|
||||
---
|
||||
contents:
|
||||
|
|
|
|||
|
|
@ -18,14 +18,14 @@ contents: |
|
|||
- --cloud-provider=aws
|
||||
- --cluster-cidr=100.96.0.0/11
|
||||
- --cluster-name=minimal.example.com
|
||||
- --cluster-signing-cert-file=/srv/kubernetes/ca.crt
|
||||
- --cluster-signing-key-file=/srv/kubernetes/ca.key
|
||||
- --cluster-signing-cert-file=/srv/kubernetes/kube-controller-manager/ca.crt
|
||||
- --cluster-signing-key-file=/srv/kubernetes/kube-controller-manager/ca.key
|
||||
- --configure-cloud-routes=true
|
||||
- --flex-volume-plugin-dir=/usr/libexec/kubernetes/kubelet-plugins/volume/exec/
|
||||
- --kubeconfig=/var/lib/kube-controller-manager/kubeconfig
|
||||
- --leader-elect=true
|
||||
- --root-ca-file=/srv/kubernetes/ca.crt
|
||||
- --service-account-private-key-file=/srv/kubernetes/service-account.key
|
||||
- --service-account-private-key-file=/srv/kubernetes/kube-controller-manager/service-account.key
|
||||
- --use-service-account-credentials=true
|
||||
- --v=2
|
||||
- --logtostderr=false
|
||||
|
|
@ -79,8 +79,11 @@ contents: |
|
|||
- mountPath: /etc/kubernetes/cloud.config
|
||||
name: cloudconfig
|
||||
readOnly: true
|
||||
- mountPath: /srv/kubernetes
|
||||
name: srvkube
|
||||
- mountPath: /srv/kubernetes/ca.crt
|
||||
name: cabundle
|
||||
readOnly: true
|
||||
- mountPath: /srv/kubernetes/kube-controller-manager
|
||||
name: srvkcm
|
||||
readOnly: true
|
||||
- mountPath: /var/lib/kube-controller-manager
|
||||
name: varlibkcm
|
||||
|
|
@ -127,8 +130,11 @@ contents: |
|
|||
path: /etc/kubernetes/cloud.config
|
||||
name: cloudconfig
|
||||
- hostPath:
|
||||
path: /srv/kubernetes
|
||||
name: srvkube
|
||||
path: /srv/kubernetes/ca.crt
|
||||
name: cabundle
|
||||
- hostPath:
|
||||
path: /srv/kubernetes/kube-controller-manager
|
||||
name: srvkcm
|
||||
- hostPath:
|
||||
path: /var/lib/kube-controller-manager
|
||||
name: varlibkcm
|
||||
|
|
@ -139,6 +145,29 @@ contents: |
|
|||
path: /etc/kubernetes/manifests/kube-controller-manager.manifest
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
|
||||
FTETMBEGA1UEAxMKa3ViZXJuZXRlczAeFw0xNzEyMjcyMzUyNDBaFw0yNzEyMjcy
|
||||
MzUyNDBaMBUxEzARBgNVBAMTCmt1YmVybmV0ZXMwggEiMA0GCSqGSIb3DQEBAQUA
|
||||
A4IBDwAwggEKAoIBAQDgnCkSmtnmfxEgS3qNPaUCH5QOBGDH/inHbWCODLBCK9gd
|
||||
XEcBl7FVv8T2kFr1DYb0HVDtMI7tixRVFDLgkwNlW34xwWdZXB7GeoFgU1xWOQSY
|
||||
OACC8JgYTQ/139HBEvgq4sej67p+/s/SNcw34Kk7HIuFhlk1rRk5kMexKIlJBKP1
|
||||
YYUYetsJ/QpUOkqJ5HW4GoetE76YtHnORfYvnybviSMrh2wGGaN6r/s4ChOaIbZC
|
||||
An8/YiPKGIDaZGpj6GXnmXARRX/TIdgSQkLwt0aTDBnPZ4XvtpI8aaL8DYJIqAzA
|
||||
NPH2b4/uNylat5jDo0b0G54agMi97+2AUrC9UUXpAgMBAAGjIzAhMA4GA1UdDwEB
|
||||
/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBVGR2r
|
||||
hzXzRMU5wriPQAJScszNORvoBpXfZoZ09FIupudFxBVU3d4hV9StKnQgPSGA5XQO
|
||||
HE97+BxJDuA/rB5oBUsMBjc7y1cde/T6hmi3rLoEYBSnSudCOXJE4G9/0f8byAJe
|
||||
rN8+No1r2VgZvZh6p74TEkXv/l3HBPWM7IdUV0HO9JDhSgOVF1fyQKJxRuLJR8jt
|
||||
O6mPH2UX0vMwVa4jvwtkddqk2OAdYQvH9rbDjjbzaiW0KnmdueRo92KHAN7BsDZy
|
||||
VpXHpqo1Kzg7D3fpaXCf5si7lqqrdJVXH4JC72zxsPehqgi8eIuqOBkiDWmRxAxh
|
||||
8yGeRx9AbknHh4Ia
|
||||
-----END CERTIFICATE-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/kube-controller-manager/ca.crt
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH
|
||||
|
|
@ -168,7 +197,39 @@ contents: |
|
|||
Y/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/ca.key
|
||||
path: /srv/kubernetes/kube-controller-manager/ca.key
|
||||
type: file
|
||||
---
|
||||
contents: |
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEA4JwpEprZ5n8RIEt6jT2lAh+UDgRgx/4px21gjgywQivYHVxH
|
||||
AZexVb/E9pBa9Q2G9B1Q7TCO7YsUVRQy4JMDZVt+McFnWVwexnqBYFNcVjkEmDgA
|
||||
gvCYGE0P9d/RwRL4KuLHo+u6fv7P0jXMN+CpOxyLhYZZNa0ZOZDHsSiJSQSj9WGF
|
||||
GHrbCf0KVDpKieR1uBqHrRO+mLR5zkX2L58m74kjK4dsBhmjeq/7OAoTmiG2QgJ/
|
||||
P2IjyhiA2mRqY+hl55lwEUV/0yHYEkJC8LdGkwwZz2eF77aSPGmi/A2CSKgMwDTx
|
||||
9m+P7jcpWreYw6NG9BueGoDIve/tgFKwvVFF6QIDAQABAoIBAA0ktjaTfyrAxsTI
|
||||
Bezb7Zr5NBW55dvuII299cd6MJo+rI/TRYhvUv48kY8IFXp/hyUjzgeDLunxmIf9
|
||||
/Zgsoic9Ol44/g45mMduhcGYPzAAeCdcJ5OB9rR9VfDCXyjYLlN8H8iU0734tTqM
|
||||
0V13tQ9zdSqkGPZOIcq/kR/pylbOZaQMe97BTlsAnOMSMKDgnftY4122Lq3GYy+t
|
||||
vpr+bKVaQZwvkLoSU3rECCaKaghgwCyX7jft9aEkhdJv+KlwbsGY6WErvxOaLWHd
|
||||
cuMQjGapY1Fa/4UD00mvrA260NyKfzrp6+P46RrVMwEYRJMIQ8YBAk6N6Hh7dc0G
|
||||
8Z6i1m0CgYEA9HeCJR0TSwbIQ1bDXUrzpftHuidG5BnSBtax/ND9qIPhR/FBW5nj
|
||||
22nwLc48KkyirlfIULd0ae4qVXJn7wfYcuX/cJMLDmSVtlM5Dzmi/91xRiFgIzx1
|
||||
AsbBzaFjISP2HpSgL+e9FtSXaaqeZVrflitVhYKUpI/AKV31qGHf04sCgYEA6zTV
|
||||
99Sb49Wdlns5IgsfnXl6ToRttB18lfEKcVfjAM4frnkk06JpFAZeR+9GGKUXZHqs
|
||||
z2qcplw4d/moCC6p3rYPBMLXsrGNEUFZqBlgz72QA6BBq3X0Cg1Bc2ZbK5VIzwkg
|
||||
ST2SSux6ccROfgULmN5ZiLOtdUKNEZpFF3i3qtsCgYADT/s7dYFlatobz3kmMnXK
|
||||
sfTu2MllHdRys0YGHu7Q8biDuQkhrJwhxPW0KS83g4JQym+0aEfzh36bWcl+u6R7
|
||||
KhKj+9oSf9pndgk345gJz35RbPJYh+EuAHNvzdgCAvK6x1jETWeKf6btj5pF1U1i
|
||||
Q4QNIw/QiwIXjWZeubTGsQKBgQCbduLu2rLnlyyAaJZM8DlHZyH2gAXbBZpxqU8T
|
||||
t9mtkJDUS/KRiEoYGFV9CqS0aXrayVMsDfXY6B/S/UuZjO5u7LtklDzqOf1aKG3Q
|
||||
dGXPKibknqqJYH+bnUNjuYYNerETV57lijMGHuSYCf8vwLn3oxBfERRX61M/DU8Z
|
||||
worz/QKBgQDCTJI2+jdXg26XuYUmM4XXfnocfzAXhXBULt1nENcogNf1fcptAVtu
|
||||
BAiz4/HipQKqoWVUYmxfgbbLRKKLK0s0lOWKbYdVjhEm/m2ZU8wtXTagNwkIGoyq
|
||||
Y/C1Lox4f1ROJnCjc/hfcOjcxX5M8A8peecHWlVtUPKTJgxQ7oMKcw==
|
||||
-----END RSA PRIVATE KEY-----
|
||||
mode: "0600"
|
||||
path: /srv/kubernetes/kube-controller-manager/service-account.key
|
||||
type: file
|
||||
---
|
||||
contents:
|
||||
|
|
|
|||