Make sure serviceaccount tokens are created and recognized

2025-08-04 18:00:08 +00:00 · 2015-06-30 13:03:10 -04:00 · 2015-06-30 13:03:10 -04:00 · ddf52a854e
commit ddf52a854e
parent 3cacc42985
2 changed files with 2 additions and 2 deletions
--- a/contrib/ansible/roles/master/templates/apiserver.j2
+++ b/contrib/ansible/roles/master/templates/apiserver.j2
@ -23,4 +23,4 @@ KUBE_ETCD_SERVERS="--etcd_servers={% for node in groups['etcd'] %}http://{{ node
 KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"

 # Add your own!
-KUBE_API_ARGS="--tls_cert_file={{ kube_cert_dir }}/server.cert --tls_private_key_file={{ kube_cert_dir }}/server.key --client_ca_file={{ kube_cert_dir }}/ca.crt --token_auth_file={{ kube_token_dir }}/known_tokens.csv"
+KUBE_API_ARGS="--tls_cert_file={{ kube_cert_dir }}/server.cert --tls_private_key_file={{ kube_cert_dir }}/server.key --client_ca_file={{ kube_cert_dir }}/ca.crt --token_auth_file={{ kube_token_dir }}/known_tokens.csv --service_account_key_file={{ kube_cert_dir }}/server.cert"
--- a/contrib/ansible/roles/master/templates/controller-manager.j2
+++ b/contrib/ansible/roles/master/templates/controller-manager.j2
@ -4,4 +4,4 @@
 # defaults from config and apiserver should be adequate

 # Add your own!
-KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig={{ kube_config_dir }}/controller-manager.kubeconfig"
+KUBE_CONTROLLER_MANAGER_ARGS="--kubeconfig={{ kube_config_dir }}/controller-manager.kubeconfig --service_account_private_key_file={{ kube_cert_dir }}/server.key --root_ca_file={{ kube_cert_dir }}/ca.crt"