Merge pull request #100764 from benhxy/tls

Use GKE specific configuration for kube-apiserver SNI cert
2025-11-03 19:58:17 +00:00 · 2021-04-15 19:52:22 -07:00
parent 2342ac3cfa ccb742c43c
commit 7ecd93ea1e
1 changed files with 3 additions and 0 deletions
--- a/cluster/gce/gci/configure-kubeapiserver.sh
+++ b/cluster/gce/gci/configure-kubeapiserver.sh
@@ -95,6 +95,9 @@ function start-kube-apiserver {
  if [[ -n "${TLS_CIPHER_SUITES:-}" ]]; then
    params+=" --tls-cipher-suites=${TLS_CIPHER_SUITES}"
  fi
  if [[ -e "${KUBE_HOME}/bin/gke-internal-configure-helper.sh" ]]; then
    params+=" $(gke-kube-apiserver-internal-sni-param)"
  fi
  params+=" --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"
  if [[ -s "${REQUESTHEADER_CA_CERT_PATH:-}" ]]; then
    params+=" --requestheader-client-ca-file=${REQUESTHEADER_CA_CERT_PATH}"