fix(ssl-ca): mount ssl ca directories (#9794)

Signed-off-by: Maxime Leroy <19607336+maxime1907@users.noreply.github.com>
pull/10149/head
Maxime Leroy 2023-05-29 04:43:42 +02:00 committed by GitHub
parent 8c32be5feb
commit 29f833e9a4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 51 additions and 6 deletions


@ -133,6 +133,13 @@ spec:
- name: ca-certs
mountPath: /etc/ssl/certs
readOnly: true
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@ -148,6 +155,14 @@ spec:
hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
type: DirectoryOrCreate
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
hostPath:
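Review bot: The volume name built by `regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-')` in both loops is not guaranteed to be a valid or unique Kubernetes volume name. Names must be lowercase DNS-1123 labels of at most 63 characters, so an `ssl_ca_dirs` entry containing `.`, `_`, an uppercase letter or a trailing slash renders a manifest that fails validation, and two paths such as `/a/b-c` and `/a/b/c` (constructed examples) collapse to the same name. Since the name only links the `volumeMounts` entry to its `volumes` entry, an index-based name such as `- name: ssl-ca-dir-{{ loop.index0 }}` in both loops avoids both problems. The same expression appears in the other two templates changed by this commit, and the surrounding lists start and end outside the hunks.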


@ -89,6 +89,13 @@ spec:
- name: ca-certs
mountPath: /etc/ssl/certs
readOnly: true
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
mountPath: {{ kube_config_dir }}/cinder-cacert.pem
@ -118,6 +125,14 @@ spec:
hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
type: DirectoryOrCreate
{% endfor %}
{% endif %}
{% if cinder_cacert is defined and cinder_cacert != "" %}
- name: cinder-cacert
hostPath:
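Review bot: `type: DirectoryOrCreate` on the new hostPath volumes means a mistyped or absent `ssl_ca_dirs` entry is never reported: the kubelet creates an empty directory at that path on the host and the container sees an empty CA directory. If the list is meant to name directories that already exist on every node (its definition is not visible in this commit), `type: Directory` would make a bad entry fail at pod start instead. An entry equal to `/etc/ssl/certs` would also repeat the `ca-certs` mountPath shown just above the loop, which pod validation rejects, so that value is worth excluding or documenting. The same applies to the other two templates in the commit; keeping `readOnly: true` on the mounts, as done here, is the right default for host paths.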


@ -57,6 +57,13 @@ spec:
- mountPath: /etc/ssl/certs
name: ca-certs
readOnly: true
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
mountPath: {{ dir }}
readOnly: true
{% endfor %}
{% endif %}
- mountPath: /etc/config/cloud.conf
name: cloud-config-volume
readOnly: true
@ -78,19 +85,27 @@ spec:
hostNetwork: true
volumes:
{% if kubelet_flexvolumes_plugins_dir is defined %}
- hostPath:
- name: flexvolume-dir
hostPath:
path: "{{ kubelet_flexvolumes_plugins_dir }}"
type: DirectoryOrCreate
name: flexvolume-dir
{% endif %}
- hostPath:
- name: k8s-certs
hostPath:
path: /etc/kubernetes/pki
type: DirectoryOrCreate
name: k8s-certs
- hostPath:
- name: ca-certs
hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
name: ca-certs
{% if ssl_ca_dirs|length %}
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
type: DirectoryOrCreate
{% endfor %}
{% endif %}
- name: cloud-config-volume
secret:
secretName: external-openstack-cloud-config
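Review bot: `mountPath: {{ dir }}` and `path: {{ dir }}` render the list entry as an unquoted YAML scalar, while the flexvolume entry in this same file already uses `path: "{{ kubelet_flexvolumes_plugins_dir }}"`. An entry that starts with a YAML indicator, contains `: ` or ` #`, or is empty would change the parsed manifest instead of being taken as a literal path. Writing `mountPath: "{{ dir }}"` and `path: "{{ dir }}"` keeps the value a string, and the same applies to the loops added in the other two templates. The `{% if ssl_ca_dirs|length %}` wrapper is also redundant around a `for` loop and, under Ansible's default strict handling, raises when the variable is undefined, unlike the neighbouring `is defined` check; `{% for dir in ssl_ca_dirs | default([]) %}` would cover both cases.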