Kubelet talks securely to apiserver.

Configure apiserver to serve Securely on port 6443. Generate token for kubelets during master VM startup. Put token into file apiserver can get and another file the kubelets can get. Added e2e test.
2026-01-05 15:37:24 +00:00 · 2014-11-13 15:45:34 -08:00
parent df0981bc01
commit 46dcacfa93
6 changed files with 114 additions and 2 deletions
--- a/cluster/saltbase/salt/kube-apiserver/init.sls
+++ b/cluster/saltbase/salt/kube-apiserver/init.sls
@@ -38,6 +38,13 @@

 {% endif %}

+/srv/kubernetes/known_tokens.csv:
+  file.managed:
+    - source: salt://kube-apiserver/known_tokens.csv
+    - user: kube-apiserver
+    - group: kube-apiserver
+    - mode: 400
+
 kube-apiserver:
  group.present:
    - system: True