easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix aggregator proxy client cert issue

pull/243/merge
gjmzj 2018-06-17 13:07:57 +08:00
parent 2006eb6a5c
commit d66a5ef5ba
4 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
roles/kube-master/tasks/main.yml
View File

@ -24,6 +24,19 @@
-config={{ ca_dir }}/ca-config.json \ -config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubernetes-csr.json | {{ bin_dir }}/cfssljson -bare kubernetes" -profile=kubernetes kubernetes-csr.json | {{ bin_dir }}/cfssljson -bare kubernetes"
# 创建aggregator proxy相关证书
- name: 创建 aggregator proxy证书签名请求
template: src=aggregator-proxy-csr.json.j2 dest={{ ca_dir }}/aggregator-proxy-csr.json
when: p.stat.isreg is not defined
- name: 创建 aggregator-proxy证书和私钥
when: p.stat.isreg is not defined
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes aggregator-proxy-csr.json | {{ bin_dir }}/cfssljson -bare aggregator-proxy"
- name: 创建 token.csv - name: 创建 token.csv
template: src=token.csv.j2 dest={{ ca_dir }}/token.csv template: src=token.csv.j2 dest={{ ca_dir }}/token.csv

17
roles/kube-master/templates/aggregator-proxy-csr.json.j2 100644
View File

@ -0,0 +1,17 @@
{
"CN": "aggregator",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "HangZhou",
"L": "XS",
"O": "k8s",
"OU": "System"
}
]
}

4
roles/kube-master/templates/kube-apiserver-v1.8.service.j2
View File

@ -39,8 +39,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
--requestheader-extra-headers-prefix=X-Remote-Extra- \ --requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \ --requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \ --requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file={{ ca_dir }}/admin.pem \ --proxy-client-cert-file={{ ca_dir }}/aggregator-proxy.pem \
--proxy-client-key-file={{ ca_dir }}/admin-key.pem \ --proxy-client-key-file={{ ca_dir }}/aggregator-proxy-key.pem \
--enable-aggregator-routing=true \ --enable-aggregator-routing=true \
--v=2 --v=2
Restart=on-failure Restart=on-failure

4
roles/kube-master/templates/kube-apiserver.service.j2
View File

@ -39,8 +39,8 @@ ExecStart={{ bin_dir }}/kube-apiserver \
--requestheader-extra-headers-prefix=X-Remote-Extra- \ --requestheader-extra-headers-prefix=X-Remote-Extra- \
--requestheader-group-headers=X-Remote-Group \ --requestheader-group-headers=X-Remote-Group \
--requestheader-username-headers=X-Remote-User \ --requestheader-username-headers=X-Remote-User \
--proxy-client-cert-file={{ ca_dir }}/admin.pem \ --proxy-client-cert-file={{ ca_dir }}/aggregator-proxy.pem \
--proxy-client-key-file={{ ca_dir }}/admin-key.pem \ --proxy-client-key-file={{ ca_dir }}/aggregator-proxy-key.pem \
--enable-aggregator-routing=true \ --enable-aggregator-routing=true \
--v=2 --v=2
Restart=on-failure Restart=on-failure