github-personal/terraform-render-bootstrap
1
0
Fork 0
mirror of https://github.com/outbackdingo/terraform-render-bootstrap.git synced 2026-01-27 10:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restore kube-controller-manager --use-service-account-credentials

Browse Source 
* kube-controller-manager Pods can start control loops with credentials
that have been granted relevant controller manager roles or using
generated service accounts bound to each role
* During the migration of the control plane from self-hosted to static
pods (https://github.com/poseidon/terraform-render-bootstrap/pull/148)
the flag for using separate service accounts was inadvertently dropped
* Restore the --use-service-account-credentials flag used before v1.16

Related:

* https://kubernetes.io/docs/reference/access-authn-authz/rbac/#controller-roles
* https://github.com/poseidon/terraform-render-bootstrap/pull/225
This commit is contained in:
Starbuck
2020-11-10 13:47:13 +01:00
committed by Dalton Hubble
parent c6e3a2bcdc
commit 74c299bf2c
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
resources/static-manifests/kube-controller-manager.yaml
View File

@@ -33,6 +33,7 @@ spec:
- --root-ca-file=/etc/kubernetes/secrets/ca.crt
- --service-account-private-key-file=/etc/kubernetes/secrets/service-account.key
- --service-cluster-ip-range=${service_cidr}
- --use-service-account-credentials=true
livenessProbe:
httpGet:
scheme: HTTPS