mirror of https://github.com/kubernetes/kops.git
remove default insecure from openstack
parent
f9f80f0b26
commit
daac327372
|
@ -149,3 +149,17 @@ kops create cluster \
|
|||
```
|
||||
|
||||
The biggest problem currently when installing without loadbalancer is that kubectl requests outside cluster is always going to first master. External loadbalancer is one option which can solve this issue.
|
||||
|
||||
# Using with self-signed certificates in OpenStack
|
||||
|
||||
Kops can be configured to use insecure mode towards OpenStack. However, this is **NOT** recommended as OpenStack cloudprovider in kubernetes does not support it.
|
||||
If you use insecure flag in kops - it might be that the cluster does not work correctly.
|
||||
|
||||
```
|
||||
spec:
|
||||
...
|
||||
cloudConfig:
|
||||
openstack:
|
||||
insecureSkipVerify: true
|
||||
...
|
||||
```
|
||||
|
|
|
@ -609,10 +609,11 @@ type OpenstackRouter struct {
|
|||
|
||||
// OpenstackConfiguration defines cloud config elements for the openstack cloud provider
|
||||
type OpenstackConfiguration struct {
|
||||
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
|
||||
Monitor *OpenstackMonitor `json:"monitor,omitempty"`
|
||||
Router *OpenstackRouter `json:"router,omitempty"`
|
||||
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
|
||||
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
|
||||
Monitor *OpenstackMonitor `json:"monitor,omitempty"`
|
||||
Router *OpenstackRouter `json:"router,omitempty"`
|
||||
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
|
||||
InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
|
||||
}
|
||||
|
||||
// CloudConfiguration defines the cloud provider configuration
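Review bot: The new `InsecureSkipVerify *bool` field at the end of `OpenstackConfiguration` has no doc comment, although it is the one field in this struct that switches off a security control. I would put a comment such as `// InsecureSkipVerify disables TLS certificate verification for the kops OpenStack API client when true; leave it unset to keep verification on.` directly above it, so the warning also reaches the generated API reference. The "leave it unset" part follows from the `NewOpenstackCloud` hunk, where a nil value leaves the provider's HTTP client untouched; confirm that this default client verifies certificates. The same undocumented field is added in the two later hunks that carry the identical `@ -609,10 +609,11` header, and the comment should be repeated there.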
|
||||
|
|
|
@ -609,10 +609,11 @@ type OpenstackRouter struct {
|
|||
|
||||
// OpenstackConfiguration defines cloud config elements for the openstack cloud provider
|
||||
type OpenstackConfiguration struct {
|
||||
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
|
||||
Monitor *OpenstackMonitor `json:"monitor,omitempty"`
|
||||
Router *OpenstackRouter `json:"router,omitempty"`
|
||||
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
|
||||
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
|
||||
Monitor *OpenstackMonitor `json:"monitor,omitempty"`
|
||||
Router *OpenstackRouter `json:"router,omitempty"`
|
||||
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
|
||||
InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
|
||||
}
|
||||
|
||||
// CloudConfiguration defines the cloud provider configuration
|
||||
|
|
|
@ -4135,6 +4135,7 @@ func autoConvert_v1alpha1_OpenstackConfiguration_To_kops_OpenstackConfiguration(
|
|||
} else {
|
||||
out.BlockStorage = nil
|
||||
}
|
||||
out.InsecureSkipVerify = in.InsecureSkipVerify
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -4180,6 +4181,7 @@ func autoConvert_kops_OpenstackConfiguration_To_v1alpha1_OpenstackConfiguration(
|
|||
} else {
|
||||
out.BlockStorage = nil
|
||||
}
|
||||
out.InsecureSkipVerify = in.InsecureSkipVerify
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -2814,6 +2814,11 @@ func (in *OpenstackConfiguration) DeepCopyInto(out *OpenstackConfiguration) {
|
|||
*out = new(OpenstackBlockStorageConfig)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.InsecureSkipVerify != nil {
|
||||
in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -609,10 +609,11 @@ type OpenstackRouter struct {
|
|||
|
||||
// OpenstackConfiguration defines cloud config elements for the openstack cloud provider
|
||||
type OpenstackConfiguration struct {
|
||||
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
|
||||
Monitor *OpenstackMonitor `json:"monitor,omitempty"`
|
||||
Router *OpenstackRouter `json:"router,omitempty"`
|
||||
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
|
||||
Loadbalancer *OpenstackLoadbalancerConfig `json:"loadbalancer,omitempty"`
|
||||
Monitor *OpenstackMonitor `json:"monitor,omitempty"`
|
||||
Router *OpenstackRouter `json:"router,omitempty"`
|
||||
BlockStorage *OpenstackBlockStorageConfig `json:"blockStorage,omitempty"`
|
||||
InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"`
|
||||
}
|
||||
|
||||
// CloudConfiguration defines the cloud provider configuration
|
||||
|
|
|
@ -4405,6 +4405,7 @@ func autoConvert_v1alpha2_OpenstackConfiguration_To_kops_OpenstackConfiguration(
|
|||
} else {
|
||||
out.BlockStorage = nil
|
||||
}
|
||||
out.InsecureSkipVerify = in.InsecureSkipVerify
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -4450,6 +4451,7 @@ func autoConvert_kops_OpenstackConfiguration_To_v1alpha2_OpenstackConfiguration(
|
|||
} else {
|
||||
out.BlockStorage = nil
|
||||
}
|
||||
out.InsecureSkipVerify = in.InsecureSkipVerify
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -2885,6 +2885,11 @@ func (in *OpenstackConfiguration) DeepCopyInto(out *OpenstackConfiguration) {
|
|||
*out = new(OpenstackBlockStorageConfig)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.InsecureSkipVerify != nil {
|
||||
in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -3099,6 +3099,11 @@ func (in *OpenstackConfiguration) DeepCopyInto(out *OpenstackConfiguration) {
|
|||
*out = new(OpenstackBlockStorageConfig)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
if in.InsecureSkipVerify != nil {
|
||||
in, out := &in.InsecureSkipVerify, &out.InsecureSkipVerify
|
||||
*out = new(bool)
|
||||
**out = **in
|
||||
}
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
@ -323,11 +323,13 @@ func NewOpenstackCloud(tags map[string]string, spec *kops.ClusterSpec) (Openstac
|
|||
return nil, fmt.Errorf("error finding openstack region: %v", err)
|
||||
}
|
||||
|
||||
tlsconfig := &tls.Config{}
|
||||
tlsconfig.InsecureSkipVerify = true
|
||||
transport := &http.Transport{TLSClientConfig: tlsconfig}
|
||||
provider.HTTPClient = http.Client{
|
||||
Transport: transport,
|
||||
if spec != nil && spec.CloudConfig != nil && spec.CloudConfig.Openstack != nil && spec.CloudConfig.Openstack.InsecureSkipVerify != nil {
|
||||
tlsconfig := &tls.Config{}
|
||||
tlsconfig.InsecureSkipVerify = fi.BoolValue(spec.CloudConfig.Openstack.InsecureSkipVerify)
|
||||
transport := &http.Transport{TLSClientConfig: tlsconfig}
|
||||
provider.HTTPClient = http.Client{
|
||||
Transport: transport,
|
||||
}
|
||||
}
|
||||
|
||||
klog.V(2).Info("authenticating to keystone")
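Review bot: When `insecureSkipVerify` is set, the new branch still builds a bare `&http.Transport{TLSClientConfig: tlsconfig}`, which drops the proxy and timeout defaults of `http.DefaultTransport`, and it turns verification off without leaving any trace in the logs. Because the branch is entered for any non-nil pointer, an explicit `insecureSkipVerify: false` also swaps in this bare transport, so the client behaves differently from the unset case even though verification stays on. I would start from the default transport, `transport := http.DefaultTransport.(*http.Transport).Clone()` followed by `transport.TLSClientConfig = tlsconfig` (if the Go version in use provides `Transport.Clone`). I would also emit `klog.Warning("TLS certificate verification towards OpenStack is disabled (insecureSkipVerify)")` when the value is true, so operators can spot the setting in the logs. `NewOpenstackCloud` begins and ends outside this hunk, so how `provider.HTTPClient` is used afterwards is not visible here.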
|
||||
|
|