From 75defebbf5c5ccf32968993f68d6b9583578578d Mon Sep 17 00:00:00 2001 From: gjmzj Date: Thu, 14 Mar 2019 14:00:28 +0800 Subject: [PATCH] =?UTF-8?q?=E5=BA=9F=E5=BC=83ansible=20hosts=E4=B8=ADbasic?= =?UTF-8?q?=5Fauth=E7=9B=B8=E5=85=B3=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/hosts.allinone.example | 4 ---- example/hosts.allinone.example.en | 4 ---- example/hosts.cloud.example | 4 ---- example/hosts.cloud.example.en | 4 ---- example/hosts.m-masters.example | 4 ---- example/hosts.m-masters.example.en | 4 ---- example/hosts.s-master.example | 4 ---- example/hosts.s-master.example.en | 4 ---- roles/deploy/tasks/main.yml | 6 ------ roles/kube-master/defaults/main.yml | 7 +++++++ 10 files changed, 7 insertions(+), 38 deletions(-) diff --git a/example/hosts.allinone.example b/example/hosts.allinone.example index 35249d2..0831a55 100644 --- a/example/hosts.allinone.example +++ b/example/hosts.allinone.example @@ -53,10 +53,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # 集群 DNS 域名 CLUSTER_DNS_DOMAIN="cluster.local." -# 集群basic auth 使用的用户名和密码 (运行时会生成随机密码) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # ---------附加参数-------------------- #默认二进制文件目录 bin_dir="/opt/kube/bin" diff --git a/example/hosts.allinone.example.en b/example/hosts.allinone.example.en index 157d263..95ea154 100644 --- a/example/hosts.allinone.example.en +++ b/example/hosts.allinone.example.en @@ -54,10 +54,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # Cluster DNS Domain CLUSTER_DNS_DOMAIN="cluster.local." -# Basic auth for apiserver (a random password will be gennerated on cluster setup) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # -------- Additional Variables -------------------- # Binaries Directory bin_dir="/opt/kube/bin" diff --git a/example/hosts.cloud.example b/example/hosts.cloud.example index 5a7804c..ab86381 100644 --- a/example/hosts.cloud.example +++ b/example/hosts.cloud.example 
@@ -53,10 +53,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # 集群 DNS 域名 CLUSTER_DNS_DOMAIN="cluster.local." -# 集群basic auth 使用的用户名和密码 (运行时会生成随机密码) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # ---------附加参数-------------------- #默认二进制文件目录 bin_dir="/opt/kube/bin" diff --git a/example/hosts.cloud.example.en b/example/hosts.cloud.example.en index 67fa159..5e0aaa4 100644 --- a/example/hosts.cloud.example.en +++ b/example/hosts.cloud.example.en @@ -54,10 +54,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # Cluster DNS Domain CLUSTER_DNS_DOMAIN="cluster.local." -# Basic auth for apiserver (a random password will be gennerated on cluster setup) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # -------- Additional Variables -------------------- # Binaries Directory bin_dir="/opt/kube/bin" diff --git a/example/hosts.m-masters.example b/example/hosts.m-masters.example index fde5b4f..7e50eed 100644 --- a/example/hosts.m-masters.example +++ b/example/hosts.m-masters.example @@ -63,10 +63,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # 集群 DNS 域名 CLUSTER_DNS_DOMAIN="cluster.local." -# 集群basic auth 使用的用户名和密码 (运行时会生成随机密码) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # ---------附加参数-------------------- #默认二进制文件目录 bin_dir="/opt/kube/bin" diff --git a/example/hosts.m-masters.example.en b/example/hosts.m-masters.example.en index 8aab239..67075e5 100644 --- a/example/hosts.m-masters.example.en +++ b/example/hosts.m-masters.example.en @@ -64,10 +64,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # Cluster DNS Domain CLUSTER_DNS_DOMAIN="cluster.local." -# Basic auth for apiserver (a random password will be gennerated on cluster setup) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # -------- Additional Variables -------------------- # Binaries Directory bin_dir="/opt/kube/bin" diff --git a/example/hosts.s-master.example b/example/hosts.s-master.example index 610a9b3..e8a2e38 100644 --- a/example/hosts.s-master.example +++ b/example/hosts.s-master.example 
@@ -54,10 +54,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # 集群 DNS 域名 CLUSTER_DNS_DOMAIN="cluster.local." -# 集群basic auth 使用的用户名和密码 (运行时会生成随机密码) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # ---------附加参数-------------------- #默认二进制文件目录 bin_dir="/opt/kube/bin" diff --git a/example/hosts.s-master.example.en b/example/hosts.s-master.example.en index d03b9b1..aa4a339 100644 --- a/example/hosts.s-master.example.en +++ b/example/hosts.s-master.example.en @@ -55,10 +55,6 @@ CLUSTER_DNS_SVC_IP="10.68.0.2" # Cluster DNS Domain CLUSTER_DNS_DOMAIN="cluster.local." -# Basic auth for apiserver (a random password will be gennerated on cluster setup) -BASIC_AUTH_USER="admin" -BASIC_AUTH_PASS="test1234" - # -------- Additional Variables -------------------- # Binaries Directory bin_dir="/opt/kube/bin" diff --git a/roles/deploy/tasks/main.yml b/roles/deploy/tasks/main.yml index 744dfe4..a1e8a06 100644 --- a/roles/deploy/tasks/main.yml +++ b/roles/deploy/tasks/main.yml @@ -32,12 +32,6 @@ when: p.stat.isreg is not defined shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert -initca ca-csr.json | {{ bin_dir }}/cfssljson -bare ca" -# 随机生成集群 basic auth 使用的密码 -- name: 生成随机 basic auth 密码 - shell: 'export PWD=`date +%s%N | md5sum | head -c 16`; sed -i "s/^BASIC_AUTH_PASS.*$/BASIC_AUTH_PASS=\"$PWD\"/g" {{ base_dir }}/hosts' - connection: local - when: p.stat.isreg is not defined - #----------- 创建kubectl kubeconfig文件: /root/.kube/config - name: 准备kubectl使用的admin 证书签名请求 template: src=admin-csr.json.j2 dest={{ ca_dir }}/admin-csr.json diff --git a/roles/kube-master/defaults/main.yml b/roles/kube-master/defaults/main.yml index a8d775a..57cfbd7 100644 --- a/roles/kube-master/defaults/main.yml +++ b/roles/kube-master/defaults/main.yml 
@@ -8,3 +8,10 @@ MASTER_CERT_HOSTS: - "k8s.test.io" #- "61.182.11.41" #- "www.test.com" + +# apiserver 基础认证(用户名/密码)配置 +# BASIC_AUTH_PASS 初次运行时会被随机密码覆盖 +# 在 master 节点文件‘/etc/kubernetes/ssl/basic-auth.csv’ 可以查看密码 +BASIC_AUTH_ENABLE: "yes" +BASIC_AUTH_USER: "admin" +BASIC_AUTH_PASS: "test1234"
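Review bot: The defaults added to `roles/kube-master/defaults/main.yml` enable apiserver basic auth (`BASIC_AUTH_ENABLE: "yes"`) with the fixed credentials `admin` / `test1234`, while this same patch deletes the only password-randomizing task visible here, in `roles/deploy/tasks/main.yml`. The added comment says `BASIC_AUTH_PASS` is overwritten with a random password on first run, but nothing in this diff does that. Unless the kube-master role generates it elsewhere, a cluster deployed with unchanged defaults would accept an admin password that is published in the repository. I would ship the feature off and without a usable password, e.g. `BASIC_AUTH_ENABLE: "no"` and `BASIC_AUTH_PASS: ""`, and have the role fail, or generate a value from a cryptographic random source, when it is enabled with an empty password. The comment also points operators to `/etc/kubernetes/ssl/basic-auth.csv` for the cleartext password, so the task that writes that file (not shown in this patch) should restrict it to owner-only read, e.g. `mode: "0600"`.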