Commit 7a98ad50 authored by Brad Beam's avatar Brad Beam

Fixing CA certificate locations for k8s components

parent 576beaa6
...@@ -105,9 +105,14 @@ spec: ...@@ -105,9 +105,14 @@ spec:
- mountPath: {{ kube_config_dir }} - mountPath: {{ kube_config_dir }}
name: kubernetes-config name: kubernetes-config
readOnly: true readOnly: true
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: {{ etcd_cert_dir }} - mountPath: {{ etcd_cert_dir }}
name: etcd-certs name: etcd-certs
readOnly: true readOnly: true
...@@ -120,9 +125,14 @@ spec: ...@@ -120,9 +125,14 @@ spec:
- hostPath: - hostPath:
path: {{ kube_config_dir }} path: {{ kube_config_dir }}
name: kubernetes-config name: kubernetes-config
- hostPath: - name: ssl-certs-host
path: /etc/ssl/certs/ hostPath:
name: ssl-certs-host path: /etc/ssl
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
{% endfor %}
- hostPath: - hostPath:
path: {{ etcd_cert_dir }} path: {{ etcd_cert_dir }}
name: etcd-certs name: etcd-certs
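Review bot: The `ssl-certs-host` volume now exposes the whole host `/etc/ssl` tree to the container instead of only `/etc/ssl/certs`, in both the volumeMounts hunk and the volumes hunk of this file, and the same widening appears in the two following file sections. On Debian-family hosts `/etc/ssl` usually also holds `private/`, so the pod would be able to read host private keys it has no need for; `readOnly: true` limits writes, not disclosure. Since the new `ssl_ca_dirs` loop already adds the distribution-specific CA directories, consider keeping the fixed mount narrow, e.g. `- mountPath: /etc/ssl/certs` with `path: /etc/ssl/certs`, and listing anything else in `ssl_ca_dirs`. Both hunks start and end inside the pod spec, so the rest of the manifest is not visible here.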
......
...@@ -70,9 +70,14 @@ spec: ...@@ -70,9 +70,14 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 10 timeoutSeconds: 10
volumeMounts: volumeMounts:
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: "{{kube_config_dir}}/ssl" - mountPath: "{{kube_config_dir}}/ssl"
name: etc-kube-ssl name: etc-kube-ssl
readOnly: true readOnly: true
...@@ -87,11 +92,12 @@ spec: ...@@ -87,11 +92,12 @@ spec:
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
hostPath: hostPath:
{% if ansible_os_family == 'RedHat' %} path: /etc/ssl
path: /etc/pki/tls {% for dir in ssl_ca_dirs %}
{% else %} - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
path: /usr/share/ca-certificates hostPath:
{% endif %} path: {{ dir }}
{% endfor %}
- name: etc-kube-ssl - name: etc-kube-ssl
hostPath: hostPath:
path: "{{ kube_config_dir }}/ssl" path: "{{ kube_config_dir }}/ssl"
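Review bot: The volume name built from `dir` with `regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-')` is not guaranteed to be a valid Kubernetes volume name, in the volumeMounts loop and the volumes loop of this file and in the other two file sections. Volume names must be DNS-1123 labels (lowercase alphanumerics and `-`, at most 63 characters), so an entry containing `_`, `.`, an uppercase letter or a trailing `/` would render a manifest that fails validation, and two entries that collapse to the same name would collide. A stricter derivation such as `name: "{{ dir | lower | regex_replace('[^a-z0-9]+', '-') | regex_replace('^-+|-+$', '') }}"` avoids the first problem. The expression has to stay identical in the mount and in the volume definition, otherwise the mount no longer resolves.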
......
...@@ -45,9 +45,14 @@ spec: ...@@ -45,9 +45,14 @@ spec:
initialDelaySeconds: 30 initialDelaySeconds: 30
timeoutSeconds: 10 timeoutSeconds: 10
volumeMounts: volumeMounts:
- mountPath: /etc/ssl/certs - mountPath: /etc/ssl
name: ssl-certs-host name: ssl-certs-host
readOnly: true readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: "{{ kube_config_dir }}/ssl" - mountPath: "{{ kube_config_dir }}/ssl"
name: etc-kube-ssl name: etc-kube-ssl
readOnly: true readOnly: true
...@@ -57,11 +62,12 @@ spec: ...@@ -57,11 +62,12 @@ spec:
volumes: volumes:
- name: ssl-certs-host - name: ssl-certs-host
hostPath: hostPath:
{% if ansible_os_family == 'RedHat' %} path: /etc/ssl
path: /etc/pki/tls {% for dir in ssl_ca_dirs %}
{% else %} - name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
path: /usr/share/ca-certificates hostPath:
{% endif %} path: {{ dir }}
{% endfor %}
- name: etc-kube-ssl - name: etc-kube-ssl
hostPath: hostPath:
path: "{{ kube_config_dir }}/ssl" path: "{{ kube_config_dir }}/ssl"
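Review bot: The templated scalars in the new `ssl_ca_dirs` loops are left unquoted (`- mountPath: {{ dir }}`, `path: {{ dir }}`), while the neighbouring lines in this file quote theirs (`"{{ kube_config_dir }}/ssl"`). An entry that is empty or contains YAML-significant characters would change the parsed structure, so writing `- mountPath: "{{ dir }}"` and `path: "{{ dir }}"` keeps the rendered manifest predictable; the same applies to the loops in the first two file sections. A short template comment above the loop stating that `ssl_ca_dirs` entries are expected to be absolute directory paths without a trailing slash would also help, since the variable's definition is not visible in this diff.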
......