github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-13 13:14:05 +00:00
Code Issues Projects Releases Wiki Activity

Make secrets at cluster startup.

Browse Source 
These secrets will be used in subsequent PRs by:
scheduler, controller-manager, monitoring services,
logging services, and skydns.

Each of these services will then be able to stop using kubernetes-ro
or host networking.
This commit is contained in:
Eric Tune
2015-03-13 15:34:00 -07:00
parent 4a2000c4aa
commit 59daeabaee
2 changed files with 62 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cluster/gce/configure-vm.sh
View File

@@ -254,6 +254,13 @@ function create-salt-auth() {
kubelet_auth_file="/srv/salt-overlay/salt/kubelet/kubernetes_auth"
(umask 077;
echo "{\"BearerToken\": \"${KUBELET_TOKEN}\", \"Insecure\": true }" > "${kubelet_auth_file}")
# Generate tokens for other "service accounts". Append to known_tokens.
local -r service_accounts=("system:scheduler" "system:controller_manager" "system:logging" "system:monitoring" "system:dns")
for account in "${service_accounts[@]}"; do
token=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d "=+/" | dd bs=32 count=1 2>/dev/null)
echo "${token},${account},${account}" >> "${known_tokens_file}"
done
}
function download-release() {