mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 04:33:26 +00:00
Merge pull request #40893 from mikedanese/kubelet-auth
Automatic merge from submit-queue (batch tested with PRs 40175, 41107, 41111, 40893, 40919) remove second CA used for kubelet auth in favor of webhook auth partial fixes upgrade test.
This commit is contained in:
commit
bdfa947a18
14
cluster/addons/rbac/apiserver-node-proxy-binding.yaml
Normal file
14
cluster/addons/rbac/apiserver-node-proxy-binding.yaml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: apiserver-node-proxy
|
||||||
|
labels:
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: node-proxy
|
||||||
|
subjects:
|
||||||
|
- apiVersion: rbac/v1beta1
|
||||||
|
kind: User
|
||||||
|
name: kube-apiserver
|
23
cluster/addons/rbac/node-proxy-role.yaml
Normal file
23
cluster/addons/rbac/node-proxy-role.yaml
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: node-proxy
|
||||||
|
labels:
|
||||||
|
kubernetes.io/cluster-service: "true"
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes/proxy
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- nodes/log
|
||||||
|
- nodes/stats
|
||||||
|
- nodes/metrics
|
||||||
|
- nodes/spec
|
||||||
|
verbs:
|
||||||
|
- get
|
@ -585,7 +585,6 @@ function build-kube-master-certs {
|
|||||||
cat >$file <<EOF
|
cat >$file <<EOF
|
||||||
KUBEAPISERVER_CERT: $(yaml-quote ${KUBEAPISERVER_CERT_BASE64:-})
|
KUBEAPISERVER_CERT: $(yaml-quote ${KUBEAPISERVER_CERT_BASE64:-})
|
||||||
KUBEAPISERVER_KEY: $(yaml-quote ${KUBEAPISERVER_KEY_BASE64:-})
|
KUBEAPISERVER_KEY: $(yaml-quote ${KUBEAPISERVER_KEY_BASE64:-})
|
||||||
KUBELET_AUTH_CA_CERT: $(yaml-quote ${KUBELET_AUTH_CA_CERT_BASE64:-})
|
|
||||||
CA_KEY: $(yaml-quote ${CA_KEY_BASE64:-})
|
CA_KEY: $(yaml-quote ${CA_KEY_BASE64:-})
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
@ -802,7 +801,6 @@ EOF
|
|||||||
KUBERNETES_MASTER: $(yaml-quote "false")
|
KUBERNETES_MASTER: $(yaml-quote "false")
|
||||||
ZONE: $(yaml-quote ${ZONE})
|
ZONE: $(yaml-quote ${ZONE})
|
||||||
EXTRA_DOCKER_OPTS: $(yaml-quote ${EXTRA_DOCKER_OPTS:-})
|
EXTRA_DOCKER_OPTS: $(yaml-quote ${EXTRA_DOCKER_OPTS:-})
|
||||||
KUBELET_AUTH_CA_CERT: $(yaml-quote ${KUBELET_AUTH_CA_CERT_BASE64:-})
|
|
||||||
EOF
|
EOF
|
||||||
if [ -n "${KUBEPROXY_TEST_ARGS:-}" ]; then
|
if [ -n "${KUBEPROXY_TEST_ARGS:-}" ]; then
|
||||||
cat >>$file <<EOF
|
cat >>$file <<EOF
|
||||||
@ -970,9 +968,8 @@ function create-certs {
|
|||||||
KUBELET_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubelet.key" | base64 | tr -d '\r\n')
|
KUBELET_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubelet.key" | base64 | tr -d '\r\n')
|
||||||
KUBECFG_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/kubecfg.crt" | base64 | tr -d '\r\n')
|
KUBECFG_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/kubecfg.crt" | base64 | tr -d '\r\n')
|
||||||
KUBECFG_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubecfg.key" | base64 | tr -d '\r\n')
|
KUBECFG_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kubecfg.key" | base64 | tr -d '\r\n')
|
||||||
KUBELET_AUTH_CA_CERT_BASE64=$(cat "${KUBE_TEMP}/easy-rsa-master/kubelet/pki/ca.crt" | base64 | tr -d '\r\n')
|
KUBEAPISERVER_CERT_BASE64=$(cat "${CERT_DIR}/pki/issued/kube-apiserver.crt" | base64 | tr -d '\r\n')
|
||||||
KUBEAPISERVER_CERT_BASE64=$(cat "${KUBE_TEMP}/easy-rsa-master/kubelet/pki/issued/kube-apiserver.crt" | base64 | tr -d '\r\n')
|
KUBEAPISERVER_KEY_BASE64=$(cat "${CERT_DIR}/pki/private/kube-apiserver.key" | base64 | tr -d '\r\n')
|
||||||
KUBEAPISERVER_KEY_BASE64=$(cat "${KUBE_TEMP}/easy-rsa-master/kubelet/pki/private/kube-apiserver.key" | base64 | tr -d '\r\n')
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Runs the easy RSA commands to generate certificate files.
|
# Runs the easy RSA commands to generate certificate files.
|
||||||
@ -999,6 +996,7 @@ function generate-certs {
|
|||||||
# this puts the cert into pki/ca.crt and the key into pki/private/ca.key
|
# this puts the cert into pki/ca.crt and the key into pki/private/ca.key
|
||||||
./easyrsa --batch "--req-cn=${PRIMARY_CN}@$(date +%s)" build-ca nopass
|
./easyrsa --batch "--req-cn=${PRIMARY_CN}@$(date +%s)" build-ca nopass
|
||||||
./easyrsa --subject-alt-name="${SANS}" build-server-full "${MASTER_NAME}" nopass
|
./easyrsa --subject-alt-name="${SANS}" build-server-full "${MASTER_NAME}" nopass
|
||||||
|
./easyrsa build-client-full kube-apiserver nopass
|
||||||
|
|
||||||
download-cfssl
|
download-cfssl
|
||||||
|
|
||||||
@ -1014,12 +1012,7 @@ function generate-certs {
|
|||||||
./easyrsa --dn-mode=org \
|
./easyrsa --dn-mode=org \
|
||||||
--req-cn=kubecfg --req-org=system:masters \
|
--req-cn=kubecfg --req-org=system:masters \
|
||||||
--req-c= --req-st= --req-city= --req-email= --req-ou= \
|
--req-c= --req-st= --req-city= --req-email= --req-ou= \
|
||||||
build-client-full kubecfg nopass
|
build-client-full kubecfg nopass) &>${cert_create_debug_output} || {
|
||||||
|
|
||||||
cd ../kubelet
|
|
||||||
./easyrsa init-pki
|
|
||||||
./easyrsa --batch "--req-cn=kubelet@$(date +%s)" build-ca nopass
|
|
||||||
./easyrsa build-client-full kube-apiserver nopass) &>${cert_create_debug_output} || {
|
|
||||||
# If there was an error in the subshell, just die.
|
# If there was an error in the subshell, just die.
|
||||||
# TODO(roberthbailey): add better error handling here
|
# TODO(roberthbailey): add better error handling here
|
||||||
cat "${cert_create_debug_output}" >&2
|
cat "${cert_create_debug_output}" >&2
|
||||||
|
@ -630,11 +630,6 @@ EOF
|
|||||||
if [ -n "${SCHEDULING_ALGORITHM_PROVIDER:-}" ]; then
|
if [ -n "${SCHEDULING_ALGORITHM_PROVIDER:-}" ]; then
|
||||||
cat <<EOF >>/srv/salt-overlay/pillar/cluster-params.sls
|
cat <<EOF >>/srv/salt-overlay/pillar/cluster-params.sls
|
||||||
scheduling_algorithm_provider: '$(echo "${SCHEDULING_ALGORITHM_PROVIDER}" | sed -e "s/'/''/g")'
|
scheduling_algorithm_provider: '$(echo "${SCHEDULING_ALGORITHM_PROVIDER}" | sed -e "s/'/''/g")'
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
if [ -n "${KUBELET_AUTH_CA_CERT:-}" ]; then
|
|
||||||
cat <<EOF >>/srv/salt-overlay/pillar/cluster-params.sls
|
|
||||||
kubelet_auth_ca_cert: /var/lib/kubelet/kubelet_auth_ca.crt
|
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -755,11 +750,9 @@ current-context: service-account-context
|
|||||||
EOF
|
EOF
|
||||||
)
|
)
|
||||||
fi
|
fi
|
||||||
local -r kubelet_auth_ca_file="/srv/salt-overlay/salt/kubelet/kubelet_auth_ca.crt"
|
local -r client_ca_file="/srv/salt-overlay/salt/kubelet/ca.crt"
|
||||||
if [ ! -e "${kubelet_auth_ca_file}" ] && [[ ! -z "${KUBELET_AUTH_CA_CERT:-}" ]]; then
|
(umask 077;
|
||||||
(umask 077;
|
echo "${KUBELET_CA_CERT}" | base64 --decode > "${client_ca_file}")
|
||||||
echo "${KUBELET_AUTH_CA_CERT}" | base64 --decode > "${kubelet_auth_ca_file}")
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# This should happen both on cluster initialization and node upgrades.
|
# This should happen both on cluster initialization and node upgrades.
|
||||||
|
@ -369,12 +369,7 @@ contexts:
|
|||||||
name: service-account-context
|
name: service-account-context
|
||||||
current-context: service-account-context
|
current-context: service-account-context
|
||||||
EOF
|
EOF
|
||||||
}
|
echo "${KUBELET_CA_CERT}" | base64 -d > /var/lib/kubelet/ca.crt
|
||||||
|
|
||||||
function create-kubelet-auth-ca {
|
|
||||||
if [[ -n "${KUBELET_AUTH_CA_CERT:-}" ]]; then
|
|
||||||
echo "${KUBELET_AUTH_CA_CERT}" | base64 --decode > "/var/lib/kubelet/kubelet_auth_ca.crt"
|
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Uses KUBELET_CA_CERT (falling back to CA_CERT), KUBELET_CERT, and KUBELET_KEY
|
# Uses KUBELET_CA_CERT (falling back to CA_CERT), KUBELET_CERT, and KUBELET_KEY
|
||||||
@ -388,7 +383,6 @@ function create-master-kubelet-auth {
|
|||||||
REGISTER_MASTER_KUBELET="true"
|
REGISTER_MASTER_KUBELET="true"
|
||||||
create-kubelet-kubeconfig
|
create-kubelet-kubeconfig
|
||||||
fi
|
fi
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function create-kubeproxy-kubeconfig {
|
function create-kubeproxy-kubeconfig {
|
||||||
@ -582,9 +576,7 @@ function start-kubelet {
|
|||||||
[[ "${HAIRPIN_MODE:-}" == "none" ]]; then
|
[[ "${HAIRPIN_MODE:-}" == "none" ]]; then
|
||||||
flags+=" --hairpin-mode=${HAIRPIN_MODE}"
|
flags+=" --hairpin-mode=${HAIRPIN_MODE}"
|
||||||
fi
|
fi
|
||||||
if [ -n "${KUBELET_AUTH_CA_CERT:-}" ]; then
|
flags+=" --anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/var/lib/kubelet/ca.crt"
|
||||||
flags+=" --anonymous-auth=false --client-ca-file=/var/lib/kubelet/kubelet_auth_ca.crt"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
# Network plugin
|
# Network plugin
|
||||||
if [[ -n "${NETWORK_PROVIDER:-}" ]]; then
|
if [[ -n "${NETWORK_PROVIDER:-}" ]]; then
|
||||||
@ -829,8 +821,10 @@ function start-kube-apiserver {
|
|||||||
params+=" --secure-port=443"
|
params+=" --secure-port=443"
|
||||||
params+=" --tls-cert-file=/etc/srv/kubernetes/server.cert"
|
params+=" --tls-cert-file=/etc/srv/kubernetes/server.cert"
|
||||||
params+=" --tls-private-key-file=/etc/srv/kubernetes/server.key"
|
params+=" --tls-private-key-file=/etc/srv/kubernetes/server.key"
|
||||||
params+=" --kubelet-client-certificate=/etc/srv/kubernetes/kubeapiserver.cert"
|
if [[ -e /etc/srv/kubernetes/kubeapiserver.cert ]] && [[ -e /etc/srv/kubernetes/kubeapiserver.key ]]; then
|
||||||
params+=" --kubelet-client-key=/etc/srv/kubernetes/kubeapiserver.key"
|
params+=" --kubelet-client-certificate=/etc/srv/kubernetes/kubeapiserver.cert"
|
||||||
|
params+=" --kubelet-client-key=/etc/srv/kubernetes/kubeapiserver.key"
|
||||||
|
fi
|
||||||
params+=" --token-auth-file=/etc/srv/kubernetes/known_tokens.csv"
|
params+=" --token-auth-file=/etc/srv/kubernetes/known_tokens.csv"
|
||||||
if [[ -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
|
if [[ -n "${KUBE_PASSWORD:-}" && -n "${KUBE_USER:-}" ]]; then
|
||||||
params+=" --basic-auth-file=/etc/srv/kubernetes/basic_auth.csv"
|
params+=" --basic-auth-file=/etc/srv/kubernetes/basic_auth.csv"
|
||||||
@ -1099,9 +1093,13 @@ function start-kube-addons {
|
|||||||
local -r src_dir="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty"
|
local -r src_dir="${KUBE_HOME}/kube-manifests/kubernetes/gci-trusty"
|
||||||
local -r dst_dir="/etc/kubernetes/addons"
|
local -r dst_dir="/etc/kubernetes/addons"
|
||||||
|
|
||||||
|
# TODO(mikedanese): only enable these in e2e
|
||||||
# prep the additional bindings that are particular to e2e users and groups
|
# prep the additional bindings that are particular to e2e users and groups
|
||||||
setup-addon-manifests "addons" "e2e-rbac-bindings"
|
setup-addon-manifests "addons" "e2e-rbac-bindings"
|
||||||
|
|
||||||
|
# prep addition kube-up specific rbac objects
|
||||||
|
setup-addon-manifests "addons" "rbac"
|
||||||
|
|
||||||
# Set up manifests of other addons.
|
# Set up manifests of other addons.
|
||||||
if [[ "${ENABLE_CLUSTER_MONITORING:-}" == "influxdb" ]] || \
|
if [[ "${ENABLE_CLUSTER_MONITORING:-}" == "influxdb" ]] || \
|
||||||
[[ "${ENABLE_CLUSTER_MONITORING:-}" == "google" ]] || \
|
[[ "${ENABLE_CLUSTER_MONITORING:-}" == "google" ]] || \
|
||||||
@ -1345,7 +1343,6 @@ if [[ "${KUBERNETES_MASTER:-}" == "true" ]]; then
|
|||||||
create-master-etcd-auth
|
create-master-etcd-auth
|
||||||
else
|
else
|
||||||
create-kubelet-kubeconfig
|
create-kubelet-kubeconfig
|
||||||
create-kubelet-auth-ca
|
|
||||||
create-kubeproxy-kubeconfig
|
create-kubeproxy-kubeconfig
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -233,9 +233,6 @@ function prepare-node-upgrade() {
|
|||||||
KUBELET_CERT_BASE64=$(get-env-val "${node_env}" "KUBELET_CERT")
|
KUBELET_CERT_BASE64=$(get-env-val "${node_env}" "KUBELET_CERT")
|
||||||
KUBELET_KEY_BASE64=$(get-env-val "${node_env}" "KUBELET_KEY")
|
KUBELET_KEY_BASE64=$(get-env-val "${node_env}" "KUBELET_KEY")
|
||||||
|
|
||||||
local master_env=$(get-master-env)
|
|
||||||
KUBELET_AUTH_CA_CERT_BASE64=$(get-env-val "${master_env}" "KUBELET_AUTH_CA_CERT")
|
|
||||||
|
|
||||||
# TODO(zmerlynn): How do we ensure kube-env is written in a ${version}-
|
# TODO(zmerlynn): How do we ensure kube-env is written in a ${version}-
|
||||||
# compatible way?
|
# compatible way?
|
||||||
write-node-env
|
write-node-env
|
||||||
|
@ -188,10 +188,7 @@
|
|||||||
{% set eviction_hard="--eviction-hard=" + pillar['eviction_hard'] %}
|
{% set eviction_hard="--eviction-hard=" + pillar['eviction_hard'] %}
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
{% set kubelet_auth_ca_cert = "" %}
|
{% set kubelet_auth = "--anonymous-auth=false --authorization-mode=Webhook --client-ca-file=/var/lib/kubelet/ca.crt" %}
|
||||||
{% if pillar['kubelet_auth_ca_cert'] is defined -%}
|
|
||||||
{% set kubelet_auth_ca_cert="--anonymous-auth=false --client-ca-file=" + pillar['kubelet_auth_ca_cert'] %}
|
|
||||||
{% endif -%}
|
|
||||||
|
|
||||||
# test_args has to be kept at the end, so they'll overwrite any prior configuration
|
# test_args has to be kept at the end, so they'll overwrite any prior configuration
|
||||||
DAEMON_ARGS="{{daemon_args}} {{api_servers_with_port}} {{debugging_handlers}} {{hostname_override}} {{cloud_provider}} {{cloud_config}} {{config}} {{manifest_url}} --allow-privileged={{pillar['allow_privileged']}} {{log_level}} {{cluster_dns}} {{cluster_domain}} {{docker_root}} {{kubelet_root}} {{non_masquerade_cidr}} {{cgroup_root}} {{system_container}} {{pod_cidr}} {{ master_kubelet_args }} {{cpu_cfs_quota}} {{network_plugin}} {{kubelet_port}} {{ hairpin_mode }} {{enable_custom_metrics}} {{runtime_container}} {{kubelet_container}} {{node_labels}} {{babysit_daemons}} {{eviction_hard}} {{kubelet_auth_ca_cert}} {{feature_gates}} {{test_args}}"
|
DAEMON_ARGS="{{daemon_args}} {{api_servers_with_port}} {{debugging_handlers}} {{hostname_override}} {{cloud_provider}} {{cloud_config}} {{config}} {{manifest_url}} --allow-privileged={{pillar['allow_privileged']}} {{log_level}} {{cluster_dns}} {{cluster_domain}} {{docker_root}} {{kubelet_root}} {{non_masquerade_cidr}} {{cgroup_root}} {{system_container}} {{pod_cidr}} {{ master_kubelet_args }} {{cpu_cfs_quota}} {{network_plugin}} {{kubelet_port}} {{ hairpin_mode }} {{enable_custom_metrics}} {{runtime_container}} {{kubelet_container}} {{node_labels}} {{babysit_daemons}} {{eviction_hard}} {{kubelet_auth}} {{feature_gates}} {{test_args}}"
|
||||||
|
@ -31,15 +31,13 @@
|
|||||||
- mode: 400
|
- mode: 400
|
||||||
- makedirs: true
|
- makedirs: true
|
||||||
|
|
||||||
{% if pillar['kubelet_auth_ca_cert'] is defined %}
|
/var/lib/kubelet/ca.crt:
|
||||||
/var/lib/kubelet/kubelet_auth_ca.crt:
|
|
||||||
file.managed:
|
file.managed:
|
||||||
- source: salt://kubelet/kubelet_auth_ca.crt
|
- source: salt://kubelet/ca.crt
|
||||||
- user: root
|
- user: root
|
||||||
- group: root
|
- group: root
|
||||||
- mode: 400
|
- mode: 400
|
||||||
- makedirs: true
|
- makedirs: true
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if pillar.get('is_systemd') %}
|
{% if pillar.get('is_systemd') %}
|
||||||
|
|
||||||
@ -61,7 +59,7 @@ fix-service-kubelet:
|
|||||||
- file: {{ pillar.get('systemd_system_path') }}/kubelet.service
|
- file: {{ pillar.get('systemd_system_path') }}/kubelet.service
|
||||||
- file: {{ environment_file }}
|
- file: {{ environment_file }}
|
||||||
- file: /var/lib/kubelet/kubeconfig
|
- file: /var/lib/kubelet/kubeconfig
|
||||||
- file: /var/lib/kubelet/kubelet_auth_ca.crt
|
- file: /var/lib/kubelet/ca.crt
|
||||||
|
|
||||||
{% else %}
|
{% else %}
|
||||||
|
|
||||||
@ -89,9 +87,7 @@ kubelet:
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
- file: {{ environment_file }}
|
- file: {{ environment_file }}
|
||||||
- file: /var/lib/kubelet/kubeconfig
|
- file: /var/lib/kubelet/kubeconfig
|
||||||
{% if pillar['kubelet_auth_ca_cert'] is defined %}
|
- file: /var/lib/kubelet/ca.crt
|
||||||
- file: /var/lib/kubelet/kubelet_auth_ca.crt
|
|
||||||
{% endif %}
|
|
||||||
{% if pillar.get('is_systemd') %}
|
{% if pillar.get('is_systemd') %}
|
||||||
- provider:
|
- provider:
|
||||||
- service: systemd
|
- service: systemd
|
||||||
|
@ -14,6 +14,7 @@ cluster/gce/configure-vm.sh: cloud_config: ${CLOUD_CONFIG}
|
|||||||
cluster/gce/configure-vm.sh: env-to-grains "feature_gates"
|
cluster/gce/configure-vm.sh: env-to-grains "feature_gates"
|
||||||
cluster/gce/configure-vm.sh: env-to-grains "runtime_config"
|
cluster/gce/configure-vm.sh: env-to-grains "runtime_config"
|
||||||
cluster/gce/configure-vm.sh: kubelet_api_servers: '${KUBELET_APISERVER}'
|
cluster/gce/configure-vm.sh: kubelet_api_servers: '${KUBELET_APISERVER}'
|
||||||
|
cluster/gce/configure-vm.sh: local -r client_ca_file="/srv/salt-overlay/salt/kubelet/ca.crt"
|
||||||
cluster/gce/container-linux/configure-helper.sh: authorization_mode+=",ABAC"
|
cluster/gce/container-linux/configure-helper.sh: authorization_mode+=",ABAC"
|
||||||
cluster/gce/container-linux/configure-helper.sh: authorization_mode+=",Webhook"
|
cluster/gce/container-linux/configure-helper.sh: authorization_mode+=",Webhook"
|
||||||
cluster/gce/container-linux/configure-helper.sh: local api_servers="--master=https://${KUBERNETES_MASTER_NAME}"
|
cluster/gce/container-linux/configure-helper.sh: local api_servers="--master=https://${KUBERNETES_MASTER_NAME}"
|
||||||
|
Loading…
Reference in New Issue
Block a user