From e2ddd2dd7bb617600768d89e2ab229fd16091c55 Mon Sep 17 00:00:00 2001 From: derekwaynecarr Date: Wed, 8 Jul 2015 10:19:25 -0400 Subject: [PATCH] Missing ca crt in vagrant controllers --- .../kube-controller-manager.manifest | 2 +- cluster/vagrant/config-default.sh | 6 ++++++ cluster/vagrant/provision-master.sh | 2 +- cluster/vagrant/util.sh | 2 ++ 4 files changed, 10 insertions(+), 2 deletions(-) diff --git a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest index 3303c2f0bc7..534ff91b23e 100644 --- a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest +++ b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest @@ -30,7 +30,7 @@ {% set root_ca_file = "" -%} -{% if grains['cloud'] is defined and grains.cloud in [ 'aws', 'gce' ] %} +{% if grains['cloud'] is defined and grains.cloud in [ 'aws', 'gce', 'vagrant' ] %} {% set root_ca_file = "--root_ca_file=/srv/kubernetes/ca.crt" -%} {% endif -%} diff --git a/cluster/vagrant/config-default.sh b/cluster/vagrant/config-default.sh index 7a154bcfd6d..afe34e824e1 100755 --- a/cluster/vagrant/config-default.sh +++ b/cluster/vagrant/config-default.sh @@ -82,3 +82,9 @@ DNS_REPLICAS=1 # Optional: Enable setting flags for kube-apiserver to turn on behavior in active-dev #RUNTIME_CONFIG="" RUNTIME_CONFIG="api/v1" + +# Determine extra certificate names for master +octets=($(echo "$SERVICE_CLUSTER_IP_RANGE" | sed -e 's|/.*||' -e 's/\./ /g')) +((octets[3]+=1)) +service_ip=$(echo "${octets[*]}" | sed 's/ /./g') +MASTER_EXTRA_SANS="IP:${service_ip},DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.${DNS_DOMAIN},DNS:${MASTER_NAME}" diff --git a/cluster/vagrant/provision-master.sh b/cluster/vagrant/provision-master.sh index 5100d0a0797..720cbe2af96 100755 --- a/cluster/vagrant/provision-master.sh +++ b/cluster/vagrant/provision-master.sh @@ -99,12 +99,12 @@ grains: - kubernetes-master runtime_config: '$(echo "$RUNTIME_CONFIG" | sed -e "s/'/''/g")' docker_opts: '$(echo "$DOCKER_OPTS" | sed -e "s/'/''/g")' + master_extra_sans: '$(echo "$MASTER_EXTRA_SANS" | sed -e "s/'/''/g")' EOF mkdir -p /srv/salt-overlay/pillar cat </srv/salt-overlay/pillar/cluster-params.sls service_cluster_ip_range: '$(echo "$SERVICE_CLUSTER_IP_RANGE" | sed -e "s/'/''/g")' - cert_ip: '$(echo "$MASTER_IP" | sed -e "s/'/''/g")' enable_cluster_monitoring: '$(echo "$ENABLE_CLUSTER_MONITORING" | sed -e "s/'/''/g")' enable_cluster_logging: '$(echo "$ENABLE_CLUSTER_LOGGING" | sed -e "s/'/''/g")' enable_node_logging: '$(echo "$ENABLE_NODE_LOGGING" | sed -e "s/'/''/g")' diff --git a/cluster/vagrant/util.sh b/cluster/vagrant/util.sh index b959ffbb1ce..3f3b73ad081 100644 --- a/cluster/vagrant/util.sh +++ b/cluster/vagrant/util.sh @@ -145,6 +145,7 @@ function create-provision-scripts { echo "VAGRANT_DEFAULT_PROVIDER='${VAGRANT_DEFAULT_PROVIDER:-}'" echo "KUBELET_TOKEN='${KUBELET_TOKEN:-}'" echo "KUBE_PROXY_TOKEN='${KUBE_PROXY_TOKEN:-}'" + echo "MASTER_EXTRA_SANS='${MASTER_EXTRA_SANS:-}'" awk '!/^#/' "${KUBE_ROOT}/cluster/vagrant/provision-network.sh" awk '!/^#/' "${KUBE_ROOT}/cluster/vagrant/provision-master.sh" ) > "${KUBE_TEMP}/master-start.sh" @@ -169,6 +170,7 @@ function create-provision-scripts { echo "VAGRANT_DEFAULT_PROVIDER='${VAGRANT_DEFAULT_PROVIDER:-}'" echo "KUBELET_TOKEN='${KUBELET_TOKEN:-}'" echo "KUBE_PROXY_TOKEN='${KUBE_PROXY_TOKEN:-}'" + echo "MASTER_EXTRA_SANS='${MASTER_EXTRA_SANS:-}'" awk '!/^#/' "${KUBE_ROOT}/cluster/vagrant/provision-network.sh" awk '!/^#/' "${KUBE_ROOT}/cluster/vagrant/provision-minion.sh" ) > "${KUBE_TEMP}/minion-start-${i}.sh"