Skip to content
Snippets Groups Projects
Commit 7a98ad50 authored by Brad Beam's avatar Brad Beam
Browse files

Fixing CA certificate locations for k8s components

parent 576beaa6
No related branches found
No related tags found
No related merge requests found
......@@ -105,9 +105,14 @@ spec:
- mountPath: {{ kube_config_dir }}
name: kubernetes-config
readOnly: true
- mountPath: /etc/ssl/certs
- mountPath: /etc/ssl
name: ssl-certs-host
readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: {{ etcd_cert_dir }}
name: etcd-certs
readOnly: true
......@@ -120,9 +125,14 @@ spec:
- hostPath:
path: {{ kube_config_dir }}
name: kubernetes-config
- hostPath:
path: /etc/ssl/certs/
name: ssl-certs-host
- name: ssl-certs-host
hostPath:
path: /etc/ssl
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
{% endfor %}
- hostPath:
path: {{ etcd_cert_dir }}
name: etcd-certs
......
......@@ -70,9 +70,14 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 10
volumeMounts:
- mountPath: /etc/ssl/certs
- mountPath: /etc/ssl
name: ssl-certs-host
readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: "{{kube_config_dir}}/ssl"
name: etc-kube-ssl
readOnly: true
......@@ -87,11 +92,12 @@ spec:
volumes:
- name: ssl-certs-host
hostPath:
{% if ansible_os_family == 'RedHat' %}
path: /etc/pki/tls
{% else %}
path: /usr/share/ca-certificates
{% endif %}
path: /etc/ssl
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
{% endfor %}
- name: etc-kube-ssl
hostPath:
path: "{{ kube_config_dir }}/ssl"
......
......@@ -45,9 +45,14 @@ spec:
initialDelaySeconds: 30
timeoutSeconds: 10
volumeMounts:
- mountPath: /etc/ssl/certs
- mountPath: /etc/ssl
name: ssl-certs-host
readOnly: true
{% for dir in ssl_ca_dirs %}
- mountPath: {{ dir }}
name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
readOnly: true
{% endfor %}
- mountPath: "{{ kube_config_dir }}/ssl"
name: etc-kube-ssl
readOnly: true
......@@ -57,11 +62,12 @@ spec:
volumes:
- name: ssl-certs-host
hostPath:
{% if ansible_os_family == 'RedHat' %}
path: /etc/pki/tls
{% else %}
path: /usr/share/ca-certificates
{% endif %}
path: /etc/ssl
{% for dir in ssl_ca_dirs %}
- name: {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }}
hostPath:
path: {{ dir }}
{% endfor %}
- name: etc-kube-ssl
hostPath:
path: "{{ kube_config_dir }}/ssl"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment