mirror of
https://github.com/optim-enterprises-bv/kubernetes.git
synced 2025-11-02 03:08:15 +00:00
5a0159ea00
Also fix up cert generation. It was failing during the first salt highstate when trying to chown the certs as the apiserver user didn't exist yet. Fix this by creating a 'kube-cert' group and chgrping the files to that. Then make the apiserver a member of that group. Fixes #2365 Fixes #2368
61 lines
1.2 KiB
Plaintext
61 lines
1.2 KiB
Plaintext
{% if grains['os_family'] == 'RedHat' %}
|
|
{% set environment_file = '/etc/sysconfig/apiserver' %}
|
|
{% else %}
|
|
{% set environment_file = '/etc/default/apiserver' %}
|
|
{% endif %}
|
|
|
|
{{ environment_file }}:
|
|
file.managed:
|
|
- source: salt://apiserver/default
|
|
- template: jinja
|
|
- user: root
|
|
- group: root
|
|
- mode: 644
|
|
|
|
/usr/local/bin/apiserver:
|
|
file.managed:
|
|
- source: salt://kube-bins/apiserver
|
|
- user: root
|
|
- group: root
|
|
- mode: 755
|
|
|
|
{% if grains['os_family'] == 'RedHat' %}
|
|
|
|
/usr/lib/systemd/system/apiserver.service:
|
|
file.managed:
|
|
- source: salt://apiserver/apiserver.service
|
|
- user: root
|
|
- group: root
|
|
|
|
{% else %}
|
|
|
|
/etc/init.d/apiserver:
|
|
file.managed:
|
|
- source: salt://apiserver/initd
|
|
- user: root
|
|
- group: root
|
|
- mode: 755
|
|
|
|
{% endif %}
|
|
|
|
apiserver:
|
|
group.present:
|
|
- system: True
|
|
user.present:
|
|
- system: True
|
|
- gid_from_name: True
|
|
- groups:
|
|
- kube-cert
|
|
- shell: /sbin/nologin
|
|
- home: /var/apiserver
|
|
- require:
|
|
- group: apiserver
|
|
service.running:
|
|
- enable: True
|
|
- watch:
|
|
- file: {{ environment_file }}
|
|
- file: /usr/local/bin/apiserver
|
|
{% if grains['os_family'] != 'RedHat' %}
|
|
- file: /etc/init.d/apiserver
|
|
{% endif %}
|