github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add cluster up configuration for certificate signing duration.

pull/6/head
Jacob Simpson 2017-09-01 17:23:13 -07:00
parent 4b63c1fb90
commit bd0c16cc8e
4 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/common.sh
View File

@ -865,6 +865,11 @@ EOF
if [ -n "${ETCD_QUORUM_READ:-}" ]; then if [ -n "${ETCD_QUORUM_READ:-}" ]; then
cat >>$file <<EOF cat >>$file <<EOF
ETCD_QUORUM_READ: $(yaml-quote ${ETCD_QUORUM_READ}) ETCD_QUORUM_READ: $(yaml-quote ${ETCD_QUORUM_READ})
EOF
fi
if [ -n "${CLUSTER_SIGNING_DURATION:-}" ]; then
cat >>$file <<EOF
CLUSTER_SIGNING_DURATION: $(yaml-quote ${CLUSTER_SIGNING_DURATION})
EOF EOF
fi fi

3
cluster/gce/config-default.sh
View File

@ -308,6 +308,9 @@ ENABLE_PROMETHEUS_TO_SD="${ENABLE_PROMETHEUS_TO_SD:-false}"
# Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise. # Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise.
KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false
# Optional: duration of cluster signed certificates.
CLUSTER_SIGNING_DURATION="${CLUSTER_SIGNING_DURATION:-}"
# Optional: enable pod priority # Optional: enable pod priority
ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}" ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then

5
cluster/gce/config-test.sh
View File

@ -194,7 +194,7 @@ KUBEPROXY_TEST_ARGS="${KUBEPROXY_TEST_ARGS:-} ${TEST_CLUSTER_API_CONTENT_TYPE}"
# TODO(piosz): remove this in 1.8 # TODO(piosz): remove this in 1.8
NODE_LABELS="${KUBE_NODE_LABELS:-beta.kubernetes.io/fluentd-ds-ready=true}" NODE_LABELS="${KUBE_NODE_LABELS:-beta.kubernetes.io/fluentd-ds-ready=true}"
# To avoid running Calico on a node that is not configured appropriately, # To avoid running Calico on a node that is not configured appropriately,
# label each Node so that the DaemonSet can run the Pods only on ready Nodes. # label each Node so that the DaemonSet can run the Pods only on ready Nodes.
if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then if [[ ${NETWORK_POLICY_PROVIDER:-} == "calico" ]]; then
NODE_LABELS="$NODE_LABELS,projectcalico.org/ds-ready=true" NODE_LABELS="$NODE_LABELS,projectcalico.org/ds-ready=true"
@ -367,6 +367,9 @@ ENABLE_PROMETHEUS_TO_SD="${ENABLE_PROMETHEUS_TO_SD:-true}"
# Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise. # Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise.
KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false
# Optional: duration of cluster signed certificates.
CLUSTER_SIGNING_DURATION="${CLUSTER_SIGNING_DURATION:-30m}"
# Optional: enable pod priority # Optional: enable pod priority
ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}" ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then

4
cluster/gce/gci/configure-helper.sh
View File

@ -1529,6 +1529,10 @@ function start-kube-controller-manager {
if [[ -n "${VOLUME_PLUGIN_DIR:-}" ]]; then if [[ -n "${VOLUME_PLUGIN_DIR:-}" ]]; then
params+=" --flex-volume-plugin-dir=${VOLUME_PLUGIN_DIR}" params+=" --flex-volume-plugin-dir=${VOLUME_PLUGIN_DIR}"
fi fi
if [[ -n "${CLUSTER_SIGNING_DURATION:-}" ]]; then
params+=" --experimental-cluster-signing-duration=$CLUSTER_SIGNING_DURATION"
fi
local -r kube_rc_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag) local -r kube_rc_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag)
local container_env="" local container_env=""
if [[ -n "${ENABLE_CACHE_MUTATION_DETECTOR:-}" ]]; then if [[ -n "${ENABLE_CACHE_MUTATION_DETECTOR:-}" ]]; then