mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-27 13:37:30 +00:00
Merge pull request #72478 from bart0sh/PR0054-kubeadm-selfhosting-pivot-kube-apiserver
kubeadm: add required etcd certs to selfhosting api-server
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
da59a6da4a
@ -20,6 +20,7 @@ import (
|
|||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"k8s.io/api/core/v1"
|
"k8s.io/api/core/v1"
|
||||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||||
@ -128,6 +129,40 @@ func apiServerCertificatesVolumeSource() v1.VolumeSource {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Secret: &v1.SecretProjection{
|
||||||
|
LocalObjectReference: v1.LocalObjectReference{
|
||||||
|
Name: strings.Replace(kubeadmconstants.EtcdCACertAndKeyBaseName, "/", "-", -1),
|
||||||
|
},
|
||||||
|
Items: []v1.KeyToPath{
|
||||||
|
{
|
||||||
|
Key: v1.TLSCertKey,
|
||||||
|
Path: kubeadmconstants.EtcdCACertName,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Key: v1.TLSPrivateKeyKey,
|
||||||
|
Path: kubeadmconstants.EtcdCAKeyName,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Secret: &v1.SecretProjection{
|
||||||
|
LocalObjectReference: v1.LocalObjectReference{
|
||||||
|
Name: kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName,
|
||||||
|
},
|
||||||
|
Items: []v1.KeyToPath{
|
||||||
|
{
|
||||||
|
Key: v1.TLSCertKey,
|
||||||
|
Path: kubeadmconstants.APIServerEtcdClientCertName,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
Key: v1.TLSPrivateKeyKey,
|
||||||
|
Path: kubeadmconstants.APIServerEtcdClientKeyName,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
@ -175,7 +210,7 @@ func controllerManagerCertificatesVolumeSource() v1.VolumeSource {
|
|||||||
func kubeConfigVolumeSource(kubeconfigSecretName string) v1.VolumeSource {
|
func kubeConfigVolumeSource(kubeconfigSecretName string) v1.VolumeSource {
|
||||||
return v1.VolumeSource{
|
return v1.VolumeSource{
|
||||||
Secret: &v1.SecretVolumeSource{
|
Secret: &v1.SecretVolumeSource{
|
||||||
SecretName: kubeconfigSecretName,
|
SecretName: strings.Replace(kubeconfigSecretName, "/", "-", -1),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -294,5 +329,15 @@ func getTLSKeyPairs() []*tlsKeyPair {
|
|||||||
cert: kubeadmconstants.FrontProxyClientCertName,
|
cert: kubeadmconstants.FrontProxyClientCertName,
|
||||||
key: kubeadmconstants.FrontProxyClientKeyName,
|
key: kubeadmconstants.FrontProxyClientKeyName,
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: strings.Replace(kubeadmconstants.EtcdCACertAndKeyBaseName, "/", "-", -1),
|
||||||
|
cert: kubeadmconstants.EtcdCACertName,
|
||||||
|
key: kubeadmconstants.EtcdCAKeyName,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
name: kubeadmconstants.APIServerEtcdClientCertAndKeyBaseName,
|
||||||
|
cert: kubeadmconstants.APIServerEtcdClientCertName,
|
||||||
|
key: kubeadmconstants.APIServerEtcdClientKeyName,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user