mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-11-02 23:02:25 +00:00
f388fcb229
Automatic merge from submit-queue (batch tested with PRs 62655, 61711, 59122, 62853, 62390). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: Mount additional paths inside apiserver/controller-manager for working CA root This is required for a working CA root, as /etc/ssl/certs on a few Linux distributions just contains a bunch of symlinks. Container Linux and Debian have symlinks pointing to /usr/share/ca-certificates, ArchLinux has symlinks pointing to /etc/ca-certificates. On Debian /etc/ssl/certs can also include symlinks pointing to /usr/local/share/ca-certificates for local CA certificates. Fix: kubeadm/#671 --- **What this PR does / why we need it**: Without this PR, `controller-manager` and `apiserver` would lack a CA root on some Linux distro (ex: Container Linux) which for example break flexplugins which require a CA root [[1]](https://github.com/kubernetes-incubator/external-storage/issues/571#issuecomment-360155462). **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes https://github.com/kubernetes/kubeadm/issues/671 **Special notes for your reviewer**: **Release note**: ```release-note Mount additional paths required for a working CA root, for setups where /etc/ssl/certs doesn't contains certificates but just symlink. ``` /sig sig-kubeadm