diff --git a/cluster/addons/cluster-monitoring/google/heapster-controller.yaml b/cluster/addons/cluster-monitoring/google/heapster-controller.yaml index 17f89842be..8e0da9d0b1 100644 --- a/cluster/addons/cluster-monitoring/google/heapster-controller.yaml +++ b/cluster/addons/cluster-monitoring/google/heapster-controller.yaml @@ -53,6 +53,9 @@ spec: - name: ssl-certs mountPath: /etc/ssl/certs readOnly: true + - name: usr-ca-certs + mountPath: /usr/share/ca-certificates + readOnly: true - image: gcr.io/google_containers/heapster:v1.2.0 name: eventer command: @@ -63,6 +66,9 @@ spec: - name: ssl-certs mountPath: /etc/ssl/certs readOnly: true + - name: usr-ca-certs + mountPath: /usr/share/ca-certificates + readOnly: true - image: gcr.io/google_containers/addon-resizer:1.6 name: heapster-nanny resources: @@ -125,3 +131,6 @@ spec: - name: ssl-certs hostPath: path: "/etc/ssl/certs" + - name: usr-ca-certs + hostPath: + path: "/usr/share/ca-certificates" diff --git a/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml b/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml index 81fb8980fb..c9cdb2033d 100644 --- a/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml +++ b/cluster/addons/cluster-monitoring/googleinfluxdb/heapster-controller-combined.yaml @@ -54,6 +54,9 @@ spec: - name: ssl-certs mountPath: /etc/ssl/certs readOnly: true + - name: usr-ca-certs + mountPath: /usr/share/ca-certificates + readOnly: true - image: gcr.io/google_containers/heapster:v1.2.0 name: eventer command: @@ -64,6 +67,9 @@ spec: - name: ssl-certs mountPath: /etc/ssl/certs readOnly: true + - name: usr-ca-certs + mountPath: /usr/share/ca-certificates + readOnly: true - image: gcr.io/google_containers/addon-resizer:1.6 name: heapster-nanny resources: @@ -126,3 +132,6 @@ spec: - name: ssl-certs hostPath: path: "/etc/ssl/certs" + - name: usr-ca-certs + hostPath: + path: "/usr/share/ca-certificates" diff --git a/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest b/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest index 4848c46c98..2c3b27430d 100644 --- a/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest +++ b/cluster/saltbase/salt/cluster-autoscaler/cluster-autoscaler.manifest @@ -45,6 +45,11 @@ "readOnly": true, "mountPath": "/etc/ssl/certs" }, + { + "name": "usrsharecacerts", + "readOnly": true, + "mountPath": "/usr/share/ca-certificates" + }, { "name": "logfile", "mountPath": "/var/log/cluster-autoscaler.log", @@ -63,6 +68,12 @@ "path": "/etc/ssl/certs" } }, + { + "name": "usrsharecacerts", + "hostPath": { + "path": "/usr/share/ca-certificates" + } + }, { "name": "logfile", "hostPath": { diff --git a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest index 8453f3d0df..3c94dccc08 100644 --- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest +++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest @@ -236,6 +236,9 @@ { "name": "etcssl", "mountPath": "/etc/ssl", "readOnly": true}, + { "name": "usrsharecacerts", + "mountPath": "/usr/share/ca-certificates", + "readOnly": true}, { "name": "varssl", "mountPath": "/var/ssl", "readOnly": true}, @@ -270,6 +273,10 @@ "hostPath": { "path": "/etc/ssl"} }, + { "name": "usrsharecacerts", + "hostPath": { + "path": "/usr/share/ca-certificates"} + }, { "name": "varssl", "hostPath": { "path": "/var/ssl"} diff --git a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest index 9ca55f2183..ac32b32d56 100644 --- a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest +++ b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest @@ -134,6 +134,9 @@ { "name": "etcssl", "mountPath": "/etc/ssl", "readOnly": true}, + { "name": "usrsharecacerts", + "mountPath": "/usr/share/ca-certificates", + "readOnly": true}, { "name": "varssl", "mountPath": "/var/ssl", "readOnly": true}, @@ -161,6 +164,10 @@ "hostPath": { "path": "/etc/ssl"} }, + { "name": "usrsharecacerts", + "hostPath": { + "path": "/usr/share/ca-certificates"} + }, { "name": "varssl", "hostPath": { "path": "/var/ssl"} diff --git a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest index 9b85a671e3..573b27f281 100644 --- a/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest +++ b/cluster/saltbase/salt/kube-proxy/kube-proxy.manifest @@ -57,7 +57,10 @@ spec: privileged: true volumeMounts: - mountPath: /etc/ssl/certs - name: ssl-certs-host + name: etc-ssl-certs + readOnly: true + - mountPath: /usr/share/ca-certificates + name: usr-ca-certs readOnly: true - mountPath: /var/log name: varlog @@ -68,7 +71,10 @@ spec: volumes: - hostPath: path: /usr/share/ca-certificates - name: ssl-certs-host + name: usr-ca-certs + - hostPath: + path: /etc/ssl/certs + name: etc-ssl-certs - hostPath: path: /var/lib/kube-proxy/kubeconfig name: kubeconfig