Mount basic auth or token auth dirs to support it on kubeadm deployments
parent
118a7cd4ae
commit
cac485756b
|
@ -134,6 +134,19 @@ schedulerExtraArgs:
|
||||||
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
{{ key }}: "{{ kube_kubeadm_scheduler_extra_args[key] }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if kube_basic_auth|default(true) or kube_token_auth|default(true) %}
|
||||||
|
apiServerExtraVolumes:
|
||||||
|
{% if kube_basic_auth|default(true) %}
|
||||||
|
- name: basic-auth-config
|
||||||
|
hostPath: {{ kube_users_dir }}
|
||||||
|
mountPath: {{ kube_users_dir }}
|
||||||
|
{% endif %}
|
||||||
|
{% if kube_token_auth|default(true) %}
|
||||||
|
- name: token-auth-config
|
||||||
|
hostPath: {{ kube_token_dir }}
|
||||||
|
mountPath: {{ kube_token_dir }}
|
||||||
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
apiServerCertSANs:
|
apiServerCertSANs:
|
||||||
{% for san in apiserver_sans.split(' ') | unique %}
|
{% for san in apiserver_sans.split(' ') | unique %}
|
||||||
- {{ san }}
|
- {{ san }}
|
||||||
|
|
|
@ -123,8 +123,19 @@ controllerManagerExtraVolumes:
|
||||||
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if kubernetes_audit %}
|
{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
|
||||||
apiServerExtraVolumes:
|
apiServerExtraVolumes:
|
||||||
|
{% if kube_basic_auth|default(true) %}
|
||||||
|
- name: basic-auth-config
|
||||||
|
hostPath: {{ kube_users_dir }}
|
||||||
|
mountPath: {{ kube_users_dir }}
|
||||||
|
{% endif %}
|
||||||
|
{% if kube_token_auth|default(true) %}
|
||||||
|
- name: token-auth-config
|
||||||
|
hostPath: {{ kube_token_dir }}
|
||||||
|
mountPath: {{ kube_token_dir }}
|
||||||
|
{% endif %}
|
||||||
|
{% if kubernetes_audit %}
|
||||||
- name: {{ audit_policy_name }}
|
- name: {{ audit_policy_name }}
|
||||||
hostPath: {{ audit_policy_hostpath }}
|
hostPath: {{ audit_policy_hostpath }}
|
||||||
mountPath: {{ audit_policy_mountpath }}
|
mountPath: {{ audit_policy_mountpath }}
|
||||||
|
@ -135,6 +146,7 @@ apiServerExtraVolumes:
|
||||||
writable: true
|
writable: true
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
schedulerExtraArgs:
|
schedulerExtraArgs:
|
||||||
profiling: "{{ kube_profiling }}"
|
profiling: "{{ kube_profiling }}"
|
||||||
{% if kube_feature_gates %}
|
{% if kube_feature_gates %}
|
||||||
|
|
Loading…
Reference in New Issue