cluster: bindmount more cert paths

/etc/ssl/certs is currently mounted through in a number of places. However, on Gentoo and CoreOS (and probably others), the files in /etc/ssl/certs are just symlinks to files in /usr/share/ca-certificates. For these components to correclty work, the target of the symlinks needs to be available as well. This is especially important for kube-controller-manager, where this issue was noticed. This change was originally part of #33965, but was split out for ease of review.
2025-12-09 01:25:37 +00:00 · 2016-12-07 15:21:53 -08:00
parent ca049360e2
commit b8d2099b3f
6 changed files with 51 additions and 2 deletions
--- a/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest
+++ b/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest
@@ -45,6 +45,11 @@
                        "readOnly": true,
                        "mountPath": "/etc/ssl/certs"
                    },
+                    {
+                        "name": "usrsharecacerts",
+                        "readOnly": true,
+                        "mountPath": "/usr/share/ca-certificates"
+                    },
                    {
                        "name": "logfile",
                        "mountPath": "/var/log/cluster-autoscaler.log",
@@ -63,6 +68,12 @@
                    "path": "/etc/ssl/certs"
                }
            },
+            {
+                "name": "usrsharecacerts",
+                "hostPath": {
+                    "path": "/usr/share/ca-certificates"
+                }
+            },
            {
                "name": "logfile",
                "hostPath": {