github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-05 11:12:03 +00:00
Code Issues Projects Releases Wiki Activity

Get Vagrant to start using TLS client certs.

Browse Source 
Also fix up cert generation. It was failing during the first salt highstate when trying to chown the certs as the apiserver user didn't exist yet.  Fix this by creating a 'kube-cert' group and chgrping the files to that.  Then make the apiserver a member of that group.

Fixes #2365
Fixes #2368
This commit is contained in:
Joe Beda
2014-11-13 22:14:56 -08:00
parent 7a6743808a
commit 5a0159ea00
11 changed files with 61 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cluster/vagrant/provision-master.sh
View File

@@ -70,6 +70,7 @@ grains:
master_ip: $MASTER_IP
network_mode: openvswitch
etcd_servers: $MASTER_IP
cloud: vagrant
cloud_provider: vagrant
roles:
- kubernetes-master
@@ -78,6 +79,7 @@ EOF
mkdir -p /srv/salt-overlay/pillar
cat <<EOF >/srv/salt-overlay/pillar/cluster-params.sls
portal_net: $PORTAL_NET
cert_ip: $MASTER_IP
EOF
# Configure the salt-master

25
cluster/vagrant/util.sh
View File

@@ -43,6 +43,29 @@ function kube-up {
get-password
vagrant up
local kube_cert=".kubecfg.vagrant.crt"
local kube_key=".kubecfg.vagrant.key"
local ca_cert=".kubernetes.vagrant.ca.crt"
(umask 077
vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.crt >"${HOME}/${kube_cert}" 2>/dev/null
vagrant ssh master -- sudo cat /srv/kubernetes/kubecfg.key >"${HOME}/${kube_key}" 2>/dev/null
vagrant ssh master -- sudo cat /srv/kubernetes/ca.crt >"${HOME}/${ca_cert}" 2>/dev/null
cat << EOF > ~/.kubernetes_vagrant_auth
{
"User": "$KUBE_USER",
"Password": "$KUBE_PASSWORD",
"CAFile": "$HOME/$ca_cert",
"CertFile": "$HOME/$kube_cert",
"KeyFile": "$HOME/$kube_key"
}
EOF
chmod 0600 ~/.kubernetes_auth "${HOME}/${kube_cert}" \
"${HOME}/${kube_key}" "${HOME}/${ca_cert}"
)
echo "Each machine instance has been created."
echo " Now waiting for the Salt provisioning process to complete on each machine."
echo " This can take some time based on your network, disk, and cpu speed."
@@ -108,7 +131,7 @@ function kube-up {
echo
echo " https://${KUBE_MASTER_IP}"
echo
echo "The user name and password to use is located in ~/.kubernetes_auth."
echo "The user name and password to use is located in ~/.kubernetes_vagrant_auth."
echo
}