Merge pull request #91228 from sambdavidson/iprotflags
Add SNI flags usage to configure-*.sh
commit
52358fe010
@ -576,6 +576,13 @@ function create-master-pki {
|
|||||||
SERVICEACCOUNT_KEY="${MASTER_KEY}"
|
SERVICEACCOUNT_KEY="${MASTER_KEY}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "${OLD_MASTER_CERT:-}" && -n "${OLD_MASTER_KEY:-}" ]]; then
|
||||||
|
OLD_MASTER_CERT_PATH="${pki_dir}/oldapiserver.crt"
|
||||||
|
echo "${OLD_MASTER_CERT}" | base64 --decode > "${OLD_MASTER_CERT_PATH}"
|
||||||
|
OLD_MASTER_KEY_PATH="${pki_dir}/oldapiserver.key"
|
||||||
|
echo "${OLD_MASTER_KEY}" | base64 --decode > "${OLD_MASTER_KEY_PATH}"
|
||||||
|
fi
|
||||||
|
|
||||||
SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt"
|
SERVICEACCOUNT_CERT_PATH="${pki_dir}/serviceaccount.crt"
|
||||||
write-pki-data "${SERVICEACCOUNT_CERT}" "${SERVICEACCOUNT_CERT_PATH}"
|
write-pki-data "${SERVICEACCOUNT_CERT}" "${SERVICEACCOUNT_CERT_PATH}"
|
||||||
|
|
||||||
|
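Review bot: The old apiserver private key is written with a bare `echo "${OLD_MASTER_KEY}" | base64 --decode > "${OLD_MASTER_KEY_PATH}"`, so the key file is created with whatever mode the current umask allows. The context line just below already routes the service-account cert through `write-pki-data`; if that helper decodes the data and restricts permissions (its body is outside this hunk, so confirm), both new writes should use it: `write-pki-data "${OLD_MASTER_CERT}" "${OLD_MASTER_CERT_PATH}"` and `write-pki-data "${OLD_MASTER_KEY}" "${OLD_MASTER_KEY_PATH}"`. If the helper does not fit, wrap the key write in a subshell with `umask 077`. create-master-pki starts and ends outside the hunk.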
@ -82,6 +82,13 @@ function start-kube-apiserver {
|
|||||||
fi
|
fi
|
||||||
params+=" --tls-cert-file=${APISERVER_SERVER_CERT_PATH}"
|
params+=" --tls-cert-file=${APISERVER_SERVER_CERT_PATH}"
|
||||||
params+=" --tls-private-key-file=${APISERVER_SERVER_KEY_PATH}"
|
params+=" --tls-private-key-file=${APISERVER_SERVER_KEY_PATH}"
|
||||||
|
if [[ -n "${OLD_MASTER_IP:-}" ]]; then
|
||||||
|
local old_ips="${OLD_MASTER_IP}"
|
||||||
|
if [[ -n "${OLD_LOAD_BALANCER_IP}" ]]; then
|
||||||
|
old_ips+=",${OLD_LOAD_BALANCER_IP}"
|
||||||
|
fi
|
||||||
|
params+=" --tls-sni-cert-key=${OLD_MASTER_CERT_PATH},${OLD_MASTER_KEY_PATH}:${old_ips}"
|
||||||
|
fi
|
||||||
params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
|
params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
|
||||||
if [[ -s "${REQUESTHEADER_CA_CERT_PATH:-}" ]]; then
|
if [[ -s "${REQUESTHEADER_CA_CERT_PATH:-}" ]]; then
|
||||||
params+=" --requestheader-client-ca-file=${REQUESTHEADER_CA_CERT_PATH}"
|
params+=" --requestheader-client-ca-file=${REQUESTHEADER_CA_CERT_PATH}"
|
||||||
|
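Review bot: The new block is gated only on `OLD_MASTER_IP`, but the paths it puts into `--tls-sni-cert-key` are assigned only when both `OLD_MASTER_CERT` and `OLD_MASTER_KEY` are set (the create-master-pki hunk), so an IP without the cert/key pair produces a flag with empty file names or an unbound-variable abort. Gate on the files as well, e.g. `if [[ -n "${OLD_MASTER_IP:-}" && -s "${OLD_MASTER_CERT_PATH:-}" && -s "${OLD_MASTER_KEY_PATH:-}" ]]; then`. The inner test also reads `${OLD_LOAD_BALANCER_IP}` without the `:-` default that the other checks here use; if the script runs with nounset (not visible in this hunk) that aborts when the variable is unset, so write `if [[ -n "${OLD_LOAD_BALANCER_IP:-}" ]]; then`. start-kube-apiserver begins and ends outside the hunk.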