Mount basic auth or token auth dirs to support it on kubeadm deployments

pull/3351/head
Andreas Kruger 2018-09-19 13:21:58 +02:00
parent 118a7cd4ae
commit cac485756b
2 changed files with 26 additions and 1 deletions

View File

@ -134,6 +134,19 @@ schedulerExtraArgs:
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}" {{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) %}
apiServerExtraVolumes:
{% if kube_basic_auth|default(true) %}
- name: basic-auth-config
hostPath: {{ kube_users_dir }}
mountPath: {{ kube_users_dir }}
{% endif %}
{% if kube_token_auth|default(true) %}
- name: token-auth-config
hostPath: {{ kube_token_dir }}
mountPath: {{ kube_token_dir }}
{% endif %}
{% endif %}
apiServerCertSANs: apiServerCertSANs:
{% for san in apiserver_sans.split(' ') | unique %} {% for san in apiserver_sans.split(' ') | unique %}
- {{ san }} - {{ san }}

View File

@ -123,8 +123,19 @@ controllerManagerExtraVolumes:
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem" hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem" mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
{% endif %} {% endif %}
{% if kubernetes_audit %} {% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
apiServerExtraVolumes: apiServerExtraVolumes:
{% if kube_basic_auth|default(true) %}
- name: basic-auth-config
hostPath: {{ kube_users_dir }}
mountPath: {{ kube_users_dir }}
{% endif %}
{% if kube_token_auth|default(true) %}
- name: token-auth-config
hostPath: {{ kube_token_dir }}
mountPath: {{ kube_token_dir }}
{% endif %}
{% if kubernetes_audit %}
- name: {{ audit_policy_name }} - name: {{ audit_policy_name }}
hostPath: {{ audit_policy_hostpath }} hostPath: {{ audit_policy_hostpath }}
mountPath: {{ audit_policy_mountpath }} mountPath: {{ audit_policy_mountpath }}
@ -135,6 +146,7 @@ apiServerExtraVolumes:
writable: true writable: true
{% endif %} {% endif %}
{% endif %} {% endif %}
{% endif %}
schedulerExtraArgs: schedulerExtraArgs:
profiling: "{{ kube_profiling }}" profiling: "{{ kube_profiling }}"
{% if kube_feature_gates %} {% if kube_feature_gates %}