diff --git a/nodeup/pkg/model/tests/golden/minimal/tasks-kube-controller-manager.yaml b/nodeup/pkg/model/tests/golden/minimal/tasks-kube-controller-manager.yaml
index 13624a02b1..bc9c851012 100644
--- a/nodeup/pkg/model/tests/golden/minimal/tasks-kube-controller-manager.yaml
+++ b/nodeup/pkg/model/tests/golden/minimal/tasks-kube-controller-manager.yaml
@@ -28,6 +28,8 @@ contents: |
 - --leader-elect=true
 - --root-ca-file=/srv/kubernetes/ca.crt
 - --service-account-private-key-file=/srv/kubernetes/kube-controller-manager/service-account.key
+ - --tls-cert-file=/srv/kubernetes/kube-controller-manager/server.crt
+ - --tls-private-key-file=/srv/kubernetes/kube-controller-manager/server.key
 - --use-service-account-credentials=true
 - --v=2
 - --logtostderr=false
@@ -147,6 +149,10 @@ contents: |
 path: /etc/kubernetes/manifests/kube-controller-manager.manifest
 type: file
 ---
+mode: "0755"
+path: /srv/kubernetes/kube-controller-manager
+type: directory
+---
 contents: |
 -----BEGIN CERTIFICATE-----
 MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
@@ -202,6 +208,34 @@ mode: "0600"
 path: /srv/kubernetes/kube-controller-manager/ca.key
 type: file
 ---
+contents:
+ task:
+ Name: kube-controller-manager-server
+ alternateNames:
+ - kube-controller-manager.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-controller-manager
+ type: server
+mode: "0644"
+path: /srv/kubernetes/kube-controller-manager/server.crt
+type: file
+---
+contents:
+ task:
+ Name: kube-controller-manager-server
+ alternateNames:
+ - kube-controller-manager.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-controller-manager
+ type: server
+mode: "0600"
+path: /srv/kubernetes/kube-controller-manager/server.key
+type: file
+---
 contents: |
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
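Review bot: The server keypair added in the `@@ -202,6 +208,34 @@` hunk lists a single SAN, `kube-controller-manager.kube-system.svc.cluster.local`, and no IP or loopback entry. Assuming the component is reached over the host network (the kube-scheduler manifest in this diff shows `hostNetwork: true`; the controller-manager's setting is outside these hunks), a health probe or metrics scraper that dials the node IP or 127.0.0.1 cannot verify this certificate and would have to skip verification. If that access path is intended, consider extending `alternateNames` in the builder that produces these goldens, or document that clients must connect by the service name. The same task appears in the `@@ -261,6 +295,15 @@` hunk, in the kube-scheduler goldens (`kube-scheduler.kube-system.svc.cluster.local`) and in the side-loading amd64/arm64 copies.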
@@ -261,6 +295,15 @@ subject:
 CommonName: system:kube-controller-manager
 type: client
 ---
+Name: kube-controller-manager-server
+alternateNames:
+- kube-controller-manager.kube-system.svc.cluster.local
+keypairID: "3"
+signer: kubernetes-ca
+subject:
+ CommonName: kube-controller-manager
+type: server
+---
 CA:
 task:
 Name: kube-controller-manager
diff --git a/nodeup/pkg/model/tests/golden/minimal/tasks-kube-scheduler.yaml b/nodeup/pkg/model/tests/golden/minimal/tasks-kube-scheduler.yaml
index 8de8f70629..b2718cd0e8 100644
--- a/nodeup/pkg/model/tests/golden/minimal/tasks-kube-scheduler.yaml
+++ b/nodeup/pkg/model/tests/golden/minimal/tasks-kube-scheduler.yaml
@@ -16,6 +16,8 @@ contents: |
 - --authorization-kubeconfig=/var/lib/kube-scheduler/kubeconfig
 - --config=/var/lib/kube-scheduler/config.yaml
 - --leader-elect=true
+ - --tls-cert-file=/srv/kubernetes/kube-scheduler/server.crt
+ - --tls-private-key-file=/srv/kubernetes/kube-scheduler/server.key
 - --v=2
 - --logtostderr=false
 - --alsologtostderr
@@ -38,6 +40,9 @@ contents: |
 - mountPath: /var/lib/kube-scheduler
 name: varlibkubescheduler
 readOnly: true
+ - mountPath: /srv/kubernetes/kube-scheduler
+ name: srvscheduler
+ readOnly: true
 - mountPath: /var/log/kube-scheduler.log
 name: logfile
 hostNetwork: true
@@ -49,6 +54,9 @@ contents: |
 - hostPath:
 path: /var/lib/kube-scheduler
 name: varlibkubescheduler
+ - hostPath:
+ path: /srv/kubernetes/kube-scheduler
+ name: srvscheduler
 - hostPath:
 path: /var/log/kube-scheduler.log
 name: logfile
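Review bot: The new `srvscheduler` hostPath volume in the `@@ -49,6 +54,9 @@` hunk has no `type`, so the kubelet performs no check that `/srv/kubernetes/kube-scheduler` exists as a directory before the pod starts. Adding `type: Directory` under `hostPath` would make a missing or misplaced certificate directory fail at mount time instead of surfacing as a TLS start-up error inside the container; the neighbouring volumes omit it too, so this would be a new convention for the manifest. The `readOnly: true` mount added in the `@@ -38,6 +40,9 @@` hunk is the right default for key material. These files are golden outputs, so the change belongs in the manifest builder, which is outside this diff; the side-loading amd64/arm64 scheduler goldens carry the same volume.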
@@ -56,6 +64,38 @@ contents: |
 path: /etc/kubernetes/manifests/kube-scheduler.manifest
 type: file
 ---
+mode: "0755"
+path: /srv/kubernetes/kube-scheduler
+type: directory
+---
+contents:
+ task:
+ Name: kube-scheduler-server
+ alternateNames:
+ - kube-scheduler.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-scheduler
+ type: server
+mode: "0644"
+path: /srv/kubernetes/kube-scheduler/server.crt
+type: file
+---
+contents:
+ task:
+ Name: kube-scheduler-server
+ alternateNames:
+ - kube-scheduler.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-scheduler
+ type: server
+mode: "0600"
+path: /srv/kubernetes/kube-scheduler/server.key
+type: file
+---
 contents: |
 apiVersion: kubescheduler.config.k8s.io/v1alpha2
 clientConnection:
@@ -110,6 +150,15 @@ subject:
 CommonName: system:kube-scheduler
 type: client
 ---
+Name: kube-scheduler-server
+alternateNames:
+- kube-scheduler.kube-system.svc.cluster.local
+keypairID: "3"
+signer: kubernetes-ca
+subject:
+ CommonName: kube-scheduler
+type: server
+---
 CA:
 task:
 Name: kube-scheduler
diff --git a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-amd64.yaml b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-amd64.yaml
index 2eb47b78f2..6277cec360 100644
--- a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-amd64.yaml
+++ b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-amd64.yaml
@@ -28,6 +28,8 @@ contents: |
 - --leader-elect=true
 - --root-ca-file=/srv/kubernetes/ca.crt
 - --service-account-private-key-file=/srv/kubernetes/kube-controller-manager/service-account.key
+ - --tls-cert-file=/srv/kubernetes/kube-controller-manager/server.crt
+ - --tls-private-key-file=/srv/kubernetes/kube-controller-manager/server.key
 - --use-service-account-credentials=true
 - --v=2
 - --logtostderr=false
@@ -147,6 +149,10 @@ contents: |
 path: /etc/kubernetes/manifests/kube-controller-manager.manifest
 type: file
 ---
+mode: "0755"
+path: /srv/kubernetes/kube-controller-manager
+type: directory
+---
 contents: |
 -----BEGIN CERTIFICATE-----
 MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
@@ -202,6 +208,34 @@ mode: "0600"
 path: /srv/kubernetes/kube-controller-manager/ca.key
 type: file
 ---
+contents:
+ task:
+ Name: kube-controller-manager-server
+ alternateNames:
+ - kube-controller-manager.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-controller-manager
+ type: server
+mode: "0644"
+path: /srv/kubernetes/kube-controller-manager/server.crt
+type: file
+---
+contents:
+ task:
+ Name: kube-controller-manager-server
+ alternateNames:
+ - kube-controller-manager.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-controller-manager
+ type: server
+mode: "0600"
+path: /srv/kubernetes/kube-controller-manager/server.key
+type: file
+---
 contents: |
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
@@ -261,6 +295,15 @@ subject:
 CommonName: system:kube-controller-manager
 type: client
 ---
+Name: kube-controller-manager-server
+alternateNames:
+- kube-controller-manager.kube-system.svc.cluster.local
+keypairID: "3"
+signer: kubernetes-ca
+subject:
+ CommonName: kube-controller-manager
+type: server
+---
 CA:
 task:
 Name: kube-controller-manager
diff --git a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-arm64.yaml b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-arm64.yaml
index b181477d96..6837be39d8 100644
--- a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-arm64.yaml
+++ b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-controller-manager-arm64.yaml
@@ -28,6 +28,8 @@ contents: |
 - --leader-elect=true
 - --root-ca-file=/srv/kubernetes/ca.crt
 - --service-account-private-key-file=/srv/kubernetes/kube-controller-manager/service-account.key
+ - --tls-cert-file=/srv/kubernetes/kube-controller-manager/server.crt
+ - --tls-private-key-file=/srv/kubernetes/kube-controller-manager/server.key
 - --use-service-account-credentials=true
 - --v=2
 - --logtostderr=false
@@ -147,6 +149,10 @@ contents: |
 path: /etc/kubernetes/manifests/kube-controller-manager.manifest
 type: file
 ---
+mode: "0755"
+path: /srv/kubernetes/kube-controller-manager
+type: directory
+---
 contents: |
 -----BEGIN CERTIFICATE-----
 MIIC2DCCAcCgAwIBAgIRALJXAkVj964tq67wMSI8oJQwDQYJKoZIhvcNAQELBQAw
@@ -202,6 +208,34 @@ mode: "0600"
 path: /srv/kubernetes/kube-controller-manager/ca.key
 type: file
 ---
+contents:
+ task:
+ Name: kube-controller-manager-server
+ alternateNames:
+ - kube-controller-manager.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-controller-manager
+ type: server
+mode: "0644"
+path: /srv/kubernetes/kube-controller-manager/server.crt
+type: file
+---
+contents:
+ task:
+ Name: kube-controller-manager-server
+ alternateNames:
+ - kube-controller-manager.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-controller-manager
+ type: server
+mode: "0600"
+path: /srv/kubernetes/kube-controller-manager/server.key
+type: file
+---
 contents: |
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPQIBAAJBANiW3hfHTcKnxCig+uWhpVbOfH1pANKmXVSysPKgE80QSU4tZ6m4
@@ -261,6 +295,15 @@ subject:
 CommonName: system:kube-controller-manager
 type: client
 ---
+Name: kube-controller-manager-server
+alternateNames:
+- kube-controller-manager.kube-system.svc.cluster.local
+keypairID: "3"
+signer: kubernetes-ca
+subject:
+ CommonName: kube-controller-manager
+type: server
+---
 CA:
 task:
 Name: kube-controller-manager
diff --git a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-amd64.yaml b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-amd64.yaml
index f05f707958..6a839544ed 100644
--- a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-amd64.yaml
+++ b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-amd64.yaml
@@ -16,6 +16,8 @@ contents: |
 - --authorization-kubeconfig=/var/lib/kube-scheduler/kubeconfig
 - --config=/var/lib/kube-scheduler/config.yaml
 - --leader-elect=true
+ - --tls-cert-file=/srv/kubernetes/kube-scheduler/server.crt
+ - --tls-private-key-file=/srv/kubernetes/kube-scheduler/server.key
 - --v=2
 - --logtostderr=false
 - --alsologtostderr
@@ -38,6 +40,9 @@ contents: |
 - mountPath: /var/lib/kube-scheduler
 name: varlibkubescheduler
 readOnly: true
+ - mountPath: /srv/kubernetes/kube-scheduler
+ name: srvscheduler
+ readOnly: true
 - mountPath: /var/log/kube-scheduler.log
 name: logfile
 hostNetwork: true
@@ -49,6 +54,9 @@ contents: |
 - hostPath:
 path: /var/lib/kube-scheduler
 name: varlibkubescheduler
+ - hostPath:
+ path: /srv/kubernetes/kube-scheduler
+ name: srvscheduler
 - hostPath:
 path: /var/log/kube-scheduler.log
 name: logfile
@@ -56,6 +64,38 @@ contents: |
 path: /etc/kubernetes/manifests/kube-scheduler.manifest
 type: file
 ---
+mode: "0755"
+path: /srv/kubernetes/kube-scheduler
+type: directory
+---
+contents:
+ task:
+ Name: kube-scheduler-server
+ alternateNames:
+ - kube-scheduler.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-scheduler
+ type: server
+mode: "0644"
+path: /srv/kubernetes/kube-scheduler/server.crt
+type: file
+---
+contents:
+ task:
+ Name: kube-scheduler-server
+ alternateNames:
+ - kube-scheduler.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-scheduler
+ type: server
+mode: "0600"
+path: /srv/kubernetes/kube-scheduler/server.key
+type: file
+---
 contents: |
 apiVersion: kubescheduler.config.k8s.io/v1alpha2
 clientConnection:
@@ -110,6 +150,15 @@ subject:
 CommonName: system:kube-scheduler
 type: client
 ---
+Name: kube-scheduler-server
+alternateNames:
+- kube-scheduler.kube-system.svc.cluster.local
+keypairID: "3"
+signer: kubernetes-ca
+subject:
+ CommonName: kube-scheduler
+type: server
+---
 CA:
 task:
 Name: kube-scheduler
diff --git a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-arm64.yaml b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-arm64.yaml
index 4fffb09f50..5773837629 100644
--- a/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-arm64.yaml
+++ b/nodeup/pkg/model/tests/golden/side-loading/tasks-kube-scheduler-arm64.yaml
@@ -16,6 +16,8 @@ contents: |
 - --authorization-kubeconfig=/var/lib/kube-scheduler/kubeconfig
 - --config=/var/lib/kube-scheduler/config.yaml
 - --leader-elect=true
+ - --tls-cert-file=/srv/kubernetes/kube-scheduler/server.crt
+ - --tls-private-key-file=/srv/kubernetes/kube-scheduler/server.key
 - --v=2
 - --logtostderr=false
 - --alsologtostderr
@@ -38,6 +40,9 @@ contents: |
 - mountPath: /var/lib/kube-scheduler
 name: varlibkubescheduler
 readOnly: true
+ - mountPath: /srv/kubernetes/kube-scheduler
+ name: srvscheduler
+ readOnly: true
 - mountPath: /var/log/kube-scheduler.log
 name: logfile
 hostNetwork: true
@@ -49,6 +54,9 @@ contents: |
 - hostPath:
 path: /var/lib/kube-scheduler
 name: varlibkubescheduler
+ - hostPath:
+ path: /srv/kubernetes/kube-scheduler
+ name: srvscheduler
 - hostPath:
 path: /var/log/kube-scheduler.log
 name: logfile
@@ -56,6 +64,38 @@ contents: |
 path: /etc/kubernetes/manifests/kube-scheduler.manifest
 type: file
 ---
+mode: "0755"
+path: /srv/kubernetes/kube-scheduler
+type: directory
+---
+contents:
+ task:
+ Name: kube-scheduler-server
+ alternateNames:
+ - kube-scheduler.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-scheduler
+ type: server
+mode: "0644"
+path: /srv/kubernetes/kube-scheduler/server.crt
+type: file
+---
+contents:
+ task:
+ Name: kube-scheduler-server
+ alternateNames:
+ - kube-scheduler.kube-system.svc.cluster.local
+ keypairID: "3"
+ signer: kubernetes-ca
+ subject:
+ CommonName: kube-scheduler
+ type: server
+mode: "0600"
+path: /srv/kubernetes/kube-scheduler/server.key
+type: file
+---
 contents: |
 apiVersion: kubescheduler.config.k8s.io/v1alpha2
 clientConnection:
@@ -110,6 +150,15 @@ subject:
 CommonName: system:kube-scheduler
 type: client
 ---
+Name: kube-scheduler-server
+alternateNames:
+- kube-scheduler.kube-system.svc.cluster.local
+keypairID: "3"
+signer: kubernetes-ca
+subject:
+ CommonName: kube-scheduler
+type: server
+---
 CA:
 task:
 Name: kube-scheduler