From 633bfa7ebcfd70e96fe624db8e5fa6356b84236b Mon Sep 17 00:00:00 2001
From: Arnaud MAZIN <amazin@octo.com>
Date: Tue, 13 Nov 2018 19:25:59 +0100
Subject: [PATCH] Bring static tokens and user back to 1.12 (#3593)

---
 .../templates/kubeadm-config.v1alpha3.yaml.j2   | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2 b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
index 5eef26fe2..6e70227aa 100644
--- a/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
@@ -67,6 +67,9 @@ apiServerExtraArgs:
 {% if kube_basic_auth|default(true) %}
   basic-auth-file: {{ kube_users_dir }}/known_users.csv
 {% endif %}
+{% if kube_token_auth|default(true) %}
+  token-auth-file: {{ kube_token_dir }}/known_tokens.csv
+{% endif %}
 {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
   oidc-issuer-url: {{ kube_oidc_url }}
   oidc-client-id: {{ kube_oidc_client_id }}
@@ -114,8 +117,19 @@ controllerManagerExtraVolumes:
   hostPath: "{{ kube_config_dir }}/openstack-cacert.pem"
   mountPath: "{{ kube_config_dir }}/openstack-cacert.pem"
 {% endif %}
-{% if kubernetes_audit %}
+{% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) %}
 apiServerExtraVolumes:
+{% if kube_basic_auth|default(true) %}
+- name: basic-auth-config
+  hostPath: {{ kube_users_dir }}
+  mountPath: {{ kube_users_dir }}
+{% endif %}
+{% if kube_token_auth|default(true) %}
+- name: token-auth-config
+  hostPath: {{ kube_token_dir }}
+  mountPath: {{ kube_token_dir }}
+{% endif %}
+{% if kubernetes_audit %}
 - name: {{ audit_policy_name }}
   hostPath: {{ audit_policy_hostpath }}
   mountPath: {{ audit_policy_mountpath }}
@@ -126,6 +140,7 @@ apiServerExtraVolumes:
   writable: true
 {% endif %}
 {% endif %}
+{% endif %}
 {% for key in kube_kubeadm_controller_extra_args %}
   {{ key }}: "{{ kube_kubeadm_controller_extra_args[key] }}"
 {% endfor %}
-- 
GitLab