зеркало из https://github.com/Azure/aks-engine.git
chore: distribute apiserver.crt to control plane nodes only (#3860)
Родитель
1a3556e26b
Коммит
a949b0379b
|
@ -426,7 +426,7 @@ func (rcc *rotateCertsCmd) rotateApiserver() error {
|
|||
|
||||
for _, host := range rcc.agentNodes {
|
||||
log.Debugf("Ranging over node: %s\n", host.Name)
|
||||
for _, cmd := range []string{caCertificateCmd, apiServerCertificateCmd} {
|
||||
for _, cmd := range []string{caCertificateCmd} {
|
||||
out, err := rcc.sshCommandExecuter(cmd, rcc.masterFQDN, host.Name, "22", rcc.sshConfig)
|
||||
if err != nil {
|
||||
log.Printf("Command %s output: %s\n", cmd, out)
|
||||
|
|
|
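Review bot: Agent nodes provisioned before this change already hold `/etc/kubernetes/certs/apiserver.crt` (the old `configureK8s` wrote it on every node), and with `apiServerCertificateCmd` dropped from this agent loop a rotation now leaves that pre-rotation copy in place instead of refreshing or removing it. If nothing on agents reads the file this is harmless, but a stale certificate on disk is easy to mistake for the live one during triage, so consider a cleanup step for agents or at least a comment such as `// apiserver.crt lives on control plane nodes only; agents have no copy to rotate`. Separately, the inner loop now ranges over a one-element slice, so `for _, cmd := range []string{caCertificateCmd}` could become a direct call with `caCertificateCmd`. The body of `rotateApiserver` starts and continues outside this hunk.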
@ -148,16 +148,18 @@ configureKubeletServerCert() {
|
|||
configureK8s() {
|
||||
local client_key="/etc/kubernetes/certs/client.key" apiserver_crt="/etc/kubernetes/certs/apiserver.crt" azure_json="/etc/kubernetes/azure.json"
|
||||
touch "${client_key}"
|
||||
touch "${apiserver_crt}"
|
||||
chmod 0600 "${client_key}"
|
||||
chmod 0644 "${apiserver_crt}"
|
||||
chown root:root "${client_key}" "${apiserver_crt}"
|
||||
|
||||
chown root:root "${client_key}"
|
||||
if [[ -n ${MASTER_NODE} ]]; then
|
||||
touch "${apiserver_crt}"
|
||||
chmod 0644 "${apiserver_crt}"
|
||||
chown root:root "${apiserver_crt}"
|
||||
fi
|
||||
set +x
|
||||
echo "${KUBELET_PRIVATE_KEY}" | base64 --decode >"${client_key}"
|
||||
echo "${APISERVER_PUBLIC_KEY}" | base64 --decode >"${apiserver_crt}"
|
||||
configureKubeletServerCert
|
||||
if [[ -n ${MASTER_NODE} ]]; then
|
||||
echo "${APISERVER_PUBLIC_KEY}" | base64 --decode >"${apiserver_crt}"
|
||||
if [[ ${ENABLE_AGGREGATED_APIS} == True ]]; then
|
||||
generateAggregatedAPICerts
|
||||
fi
|
||||
|
|
|
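Review bot: The new code tests `[[ -n ${MASTER_NODE} ]]` twice in `configureK8s`, once to create `apiserver.crt` and again further down to fill it, so the file's mode and ownership are set under one guard and its content under another. Moving the `touch`, `chmod 0644` and `chown root:root` lines for `${apiserver_crt}` into the existing master-only block, directly above the `base64 --decode` write, would keep everything about that file in one place. The decode is unchecked in the visible lines: an empty or malformed `APISERVER_PUBLIC_KEY` would leave an empty or partial certificate on a control plane node, and whether the script runs with errexit or pipefail is not visible here. The later hunk at `-18471,16 +18471,18` repeats these lines verbatim and looks like a generated copy, so the same applies there after regeneration. `configureK8s` continues past the end of this hunk.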
@ -18471,16 +18471,18 @@ configureKubeletServerCert() {
|
|||
configureK8s() {
|
||||
local client_key="/etc/kubernetes/certs/client.key" apiserver_crt="/etc/kubernetes/certs/apiserver.crt" azure_json="/etc/kubernetes/azure.json"
|
||||
touch "${client_key}"
|
||||
touch "${apiserver_crt}"
|
||||
chmod 0600 "${client_key}"
|
||||
chmod 0644 "${apiserver_crt}"
|
||||
chown root:root "${client_key}" "${apiserver_crt}"
|
||||
|
||||
chown root:root "${client_key}"
|
||||
if [[ -n ${MASTER_NODE} ]]; then
|
||||
touch "${apiserver_crt}"
|
||||
chmod 0644 "${apiserver_crt}"
|
||||
chown root:root "${apiserver_crt}"
|
||||
fi
|
||||
set +x
|
||||
echo "${KUBELET_PRIVATE_KEY}" | base64 --decode >"${client_key}"
|
||||
echo "${APISERVER_PUBLIC_KEY}" | base64 --decode >"${apiserver_crt}"
|
||||
configureKubeletServerCert
|
||||
if [[ -n ${MASTER_NODE} ]]; then
|
||||
echo "${APISERVER_PUBLIC_KEY}" | base64 --decode >"${apiserver_crt}"
|
||||
if [[ ${ENABLE_AGGREGATED_APIS} == True ]]; then
|
||||
generateAggregatedAPICerts
|
||||
fi
|
||||
|
|