| commit | 86b2b7d39180feba9efc61e7e44323ee4ee69beb | [log] [tgz] |
|---|---|---|
| author | Łukasz Oleś <loles@mirantis.com> | Tue Nov 20 10:53:58 2018 +0100 |
| committer | Łukasz Oleś <loles@mirantis.com> | Mon Dec 17 23:15:06 2018 +0100 |
| tree | c0f9a5dcf754299b3518098d6b96bcffc478afb8 | |
| parent | 5ffe2b354ed5fb48310b292bffef41a887619950 [diff] [blame] |
Generate certs for aggregation layer Will be used for api server flags: --proxy-client-cert-file, --proxy-client-key-file https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/ Related story: https://mirantis.jira.com/browse/PROD-24599 Change-Id: I673665949fd912ace5332c2dfd6500a61d45b136
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml index a2f3d89..17236ec 100644 --- a/salt/minion/cert/k8s_client_single.yml +++ b/salt/minion/cert/k8s_client_single.yml
@@ -49,3 +49,12 @@ common_name: system:kube-controller-manager signing_policy: cert_client alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address} + k8s_aggregator_proxy: + host: ${_param:salt_minion_ca_host} + authority: ${_param:salt_minion_ca_authority} + key_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.key + cert_file: /etc/kubernetes/ssl/kube-aggregator-proxy-client.crt + ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt + common_name: system:kube-controller-manager + signing_policy: cert_client + alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}