Revert "Fix #4237: update kube cert path (#4354)" (#4369)

This reverts commit ea7a6f1cf1.

This change modified the certs dir for Kubernetes, but did not move the directories for existing clusters.
pull/4379/head
Matthew Mosesohn 2019-03-20 05:56:57 -07:00 committed by Kubernetes Prow Robot
parent e640233947
commit ec08303f82
9 changed files with 11 additions and 15 deletions

View File

@ -412,13 +412,13 @@ sudo route add -net [internal-subnet]/24 gw [router-ip]
``` ```
3. List Kubernetes certificates & keys: 3. List Kubernetes certificates & keys:
``` ```
ssh [os-user]@[master-ip] sudo ls /etc/kubernetes/pki/ ssh [os-user]@[master-ip] sudo ls /etc/kubernetes/ssl/
``` ```
4. Get `admin`'s certificates and keys: 4. Get `admin`'s certificates and keys:
``` ```
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/pki/admin-kube-master-k8s-master-1-key.pem > admin-key.pem ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/ssl/admin-kube-master-1-key.pem > admin-key.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/pki/admin-kube-master-k8s-master-1.pem > admin.pem ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/ssl/admin-kube-master-1.pem > admin.pem
ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/pki/ca.pem > ca.pem ssh [os-user]@[master-ip] sudo cat /etc/kubernetes/ssl/ca.pem > ca.pem
``` ```
5. Configure kubectl: 5. Configure kubectl:
```ShellSession ```ShellSession

View File

@ -114,7 +114,7 @@ vault_client_headers:
Content-Type: "application/json" Content-Type: "application/json"
etcd_cert_dir: /etc/ssl/etcd/ssl etcd_cert_dir: /etc/ssl/etcd/ssl
kube_cert_dir: /etc/kubernetes/pki kube_cert_dir: /etc/kubernetes/ssl
vault_pki_mounts: vault_pki_mounts:
userpass: userpass:

View File

@ -76,8 +76,8 @@ generated elsewhere, you'll need to copy the certificate and key to the hosts in
* ``/etc/ssl/etcd/ssl/ca.pem`` * ``/etc/ssl/etcd/ssl/ca.pem``
* ``/etc/ssl/etcd/ssl/ca-key.pem`` * ``/etc/ssl/etcd/ssl/ca-key.pem``
* kubernetes: * kubernetes:
* ``/etc/kubernetes/pki/ca.pem`` * ``/etc/kubernetes/ssl/ca.pem``
* ``/etc/kubernetes/pki/ca-key.pem`` * ``/etc/kubernetes/ssl/ca-key.pem``
Additional Notes: Additional Notes:

View File

@ -8,9 +8,7 @@ kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests" kube_manifest_dir: "{{ kube_config_dir }}/manifests"
# This is where all the cert scripts and certs will be located # This is where all the cert scripts and certs will be located
# For old version of k8s next line should be used instead kube_cert_dir: "{{ kube_config_dir }}/ssl"
# kube_cert_dir: "{{ kube_config_dir }}/ssl"
kube_cert_dir: "{{ kube_config_dir }}/pki"
# This is where all of the bearer tokens will be stored # This is where all of the bearer tokens will be stored
kube_token_dir: "{{ kube_config_dir }}/tokens" kube_token_dir: "{{ kube_config_dir }}/tokens"

View File

@ -4,5 +4,4 @@ kubectl_localhost: false
artifacts_dir: "{{ inventory_dir }}/artifacts" artifacts_dir: "{{ inventory_dir }}/artifacts"
kube_config_dir: "/etc/kubernetes" kube_config_dir: "/etc/kubernetes"
kube_cert_dir: "{{ kube_config_dir }}/pki"
kube_apiserver_port: "6443" kube_apiserver_port: "6443"

View File

@ -49,7 +49,7 @@
kubeconfig user kubeconfig user
--client-name kubernetes-admin --client-name kubernetes-admin
--org system:masters --org system:masters
--cert-dir {{ kube_cert_dir }} --cert-dir {{ kube_config_dir }}/ssl
--apiserver-advertise-address {{ external_apiserver_address }} --apiserver-advertise-address {{ external_apiserver_address }}
--apiserver-bind-port {{ external_apiserver_port }} --apiserver-bind-port {{ external_apiserver_port }}
run_once: yes run_once: yes

View File

@ -71,7 +71,7 @@
tags: facts tags: facts
- name: kubeadm | Copy etcd cert dir under k8s cert dir - name: kubeadm | Copy etcd cert dir under k8s cert dir
command: "cp -TR {{ etcd_cert_dir }} {{ kube_cert_dir }}/etcd" command: "cp -TR {{ etcd_cert_dir }} {{ kube_config_dir }}/ssl/etcd"
changed_when: false changed_when: false
- name: Create audit-policy directory - name: Create audit-policy directory

View File

@ -25,7 +25,6 @@ disable_ipv6_dns: false
kube_cert_group: kube-cert kube_cert_group: kube-cert
kube_config_dir: /etc/kubernetes kube_config_dir: /etc/kubernetes
kube_cert_dir: "{{ kube_config_dir }}/pki"
# Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content # Container Linux by CoreOS cloud init config file to define /etc/resolv.conf content
# for hostnet pods and infra needs # for hostnet pods and infra needs

View File

@ -93,7 +93,7 @@ kube_script_dir: "{{ bin_dir }}/kubernetes-scripts"
kube_manifest_dir: "{{ kube_config_dir }}/manifests" kube_manifest_dir: "{{ kube_config_dir }}/manifests"
# This is where all the cert scripts and certs will be located # This is where all the cert scripts and certs will be located
kube_cert_dir: "{{ kube_config_dir }}/pki" kube_cert_dir: "{{ kube_config_dir }}/ssl"
# This is where all of the bearer tokens will be stored # This is where all of the bearer tokens will be stored
kube_token_dir: "{{ kube_config_dir }}/tokens" kube_token_dir: "{{ kube_config_dir }}/tokens"