update centos deployment scripts call make-ca-cert.sh to generate certs

2025-11-02 19:28:16 +00:00 · 2015-09-02 15:35:48 +00:00
parent 5f985045f4
commit 4e2613575d
4 changed files with 41 additions and 11 deletions
--- a/cluster/centos/master/scripts/controller-manager.sh
+++ b/cluster/centos/master/scripts/controller-manager.sh
@@ -22,11 +22,20 @@ KUBE_LOGTOSTDERR="--logtostderr=true"
 KUBE_LOG_LEVEL="--v=4"
 KUBE_MASTER="--master=${MASTER_ADDRESS}:8080"

+# --root-ca-file="": If set, this root certificate authority will be included in
+# service account's token secret. This must be a valid PEM-encoded CA bundle.
+KUBE_CONTROLLER_MANAGER_ROOT_CA_FILE="--root-ca-file=/srv/kubernetes/ca.crt"
+
+# --service-account-private-key-file="": Filename containing a PEM-encoded private
+# RSA key used to sign service account tokens.
+KUBE_CONTROLLER_MANAGER_SERVICE_ACCOUNT_PRIVATE_KEY_FILE="--service-account-private-key-file=/srv/kubernetes/server.key"
 EOF

 KUBE_CONTROLLER_MANAGER_OPTS="  \${KUBE_LOGTOSTDERR} \\
                                \${KUBE_LOG_LEVEL}   \\
-                                \${KUBE_MASTER}"
+                                \${KUBE_MASTER}      \\
+                                \${KUBE_CONTROLLER_MANAGER_ROOT_CA_FILE} \\
+                                \${KUBE_CONTROLLER_MANAGER_SERVICE_ACCOUNT_PRIVATE_KEY_FILE}"

 cat <<EOF >/usr/lib/systemd/system/kube-controller-manager.service
 [Unit]