Make server certs accessible to apiserver user.

2025-11-24 02:15:10 +00:00 · 2014-11-13 13:02:48 -08:00
parent e9aadcaf44
commit 19ec2234f9
2 changed files with 5 additions and 0 deletions
--- a/cluster/saltbase/salt/generate-cert/make-cert.sh
+++ b/cluster/saltbase/salt/generate-cert/make-cert.sh
@@ -15,7 +15,9 @@
 # limitations under the License.

 cert_dir=/srv/kubernetes
+cert_file_owner=apiserver.apiserver

 openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
  -subj "/CN=kubernetes.invalid/O=Kubernetes" \
  -keyout "${cert_dir}/server.key" -out "${cert_dir}/server.cert"
+chown $cert_file_owner "${cert_dir}/server.key" "${cert_dir}/server.cert"