Merge pull request #51844 from jcbsmpsn/add-signing-duration-configuration-flag

Automatic merge from submit-queue

Add cluster up configuration for certificate signing duration.

```release-note
Add CLUSTER_SIGNING_DURATION environment variable to cluster configuration scripts
to allow configuration of signing duration of certificates issued via the Certificate
Signing Request API.
```
Kubernetes Submit Queue 2017-09-08 13:24:20 -07:00 committed by GitHub
commit ed154988c5
4 changed files with 16 additions and 1 deletions


@ -865,6 +865,11 @@ EOF
if [ -n "${ETCD_QUORUM_READ:-}" ]; then if [ -n "${ETCD_QUORUM_READ:-}" ]; then
cat >>$file <<EOF cat >>$file <<EOF
ETCD_QUORUM_READ: $(yaml-quote ${ETCD_QUORUM_READ}) ETCD_QUORUM_READ: $(yaml-quote ${ETCD_QUORUM_READ})
EOF
fi
if [ -n "${CLUSTER_SIGNING_DURATION:-}" ]; then
cat >>$file <<EOF
CLUSTER_SIGNING_DURATION: $(yaml-quote ${CLUSTER_SIGNING_DURATION})
EOF EOF
fi fi
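Review bot: The added heredoc line passes `${CLUSTER_SIGNING_DURATION}` to yaml-quote unquoted, so the value is word-split and glob-expanded by the shell before it is quoted for the YAML file. It copies the ETCD_QUORUM_READ line above it, but I would still write `CLUSTER_SIGNING_DURATION: $(yaml-quote "${CLUSTER_SIGNING_DURATION}")` so the value reaches the node environment exactly as the operator set it. The enclosing function starts and ends outside this hunk.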


@ -314,6 +314,9 @@ ENABLE_PROMETHEUS_TO_SD="${ENABLE_PROMETHEUS_TO_SD:-false}"
# Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise. # Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise.
KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false
# Optional: duration of cluster signed certificates.
CLUSTER_SIGNING_DURATION="${CLUSTER_SIGNING_DURATION:-}"
# Optional: enable pod priority # Optional: enable pod priority
ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}" ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
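Review bot: The added comment `# Optional: duration of cluster signed certificates.` does not say what format the value takes or what leaving it empty means. Judging by the last file section of this commit, an empty value means the flag is not passed to kube-controller-manager at all, so its built-in default applies. I would spell that out, e.g. `# Optional: lifetime of certificates issued via the Certificate Signing Request API, as a duration string such as 30m; empty keeps the kube-controller-manager default.` The same one-line comment is added in the next file section.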


@ -372,6 +372,9 @@ ENABLE_PROMETHEUS_TO_SD="${ENABLE_PROMETHEUS_TO_SD:-true}"
# Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise. # Optional: Run kube-proxy as a DaemonSet if set to true, run as static pods otherwise.
KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false KUBE_PROXY_DAEMONSET="${KUBE_PROXY_DAEMONSET:-false}" # true, false
# Optional: duration of cluster signed certificates.
CLUSTER_SIGNING_DURATION="${CLUSTER_SIGNING_DURATION:-30m}"
# Optional: enable pod priority # Optional: enable pod priority
ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}" ENABLE_POD_PRIORITY="${ENABLE_POD_PRIORITY:-}"
if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then if [[ "${ENABLE_POD_PRIORITY}" == "true" ]]; then
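Review bot: The default of `30m` on the added `CLUSTER_SIGNING_DURATION` line means every certificate issued through the Certificate Signing Request API in clusters built from this config expires after thirty minutes unless the variable is overridden, whereas the previous file section defaults to empty. If the short lifetime is intentional (presumably to exercise certificate rotation in test clusters), the comment should say so and state the consequence, e.g. `# Deliberately short so certificate rotation is exercised; clients without rotation lose access when their certificate expires.` Without that, the value is easy to copy into a configuration where an unexpected expiry turns into an outage.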


@ -1535,6 +1535,10 @@ function start-kube-controller-manager {
if [[ -n "${VOLUME_PLUGIN_DIR:-}" ]]; then if [[ -n "${VOLUME_PLUGIN_DIR:-}" ]]; then
params+=" --flex-volume-plugin-dir=${VOLUME_PLUGIN_DIR}" params+=" --flex-volume-plugin-dir=${VOLUME_PLUGIN_DIR}"
fi fi
if [[ -n "${CLUSTER_SIGNING_DURATION:-}" ]]; then
params+=" --experimental-cluster-signing-duration=$CLUSTER_SIGNING_DURATION"
fi
local -r kube_rc_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag) local -r kube_rc_docker_tag=$(cat /home/kubernetes/kube-docker-files/kube-controller-manager.docker_tag)
local container_env="" local container_env=""
if [[ -n "${ENABLE_CACHE_MUTATION_DETECTOR:-}" ]]; then if [[ -n "${ENABLE_CACHE_MUTATION_DETECTOR:-}" ]]; then
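Review bot: `CLUSTER_SIGNING_DURATION` is appended to `params` with no format check, so a value containing whitespace would add extra arguments to kube-controller-manager if `params` is later word-split or substituted into the manifest, as appears to happen for the other flags (that code is outside this hunk). Since the value decides how long issued certificates stay valid, I would reject anything that is not a duration before appending, e.g. `[[ "${CLUSTER_SIGNING_DURATION}" =~ ^([0-9]+(\.[0-9]+)?(ns|us|ms|s|m|h))+$ ]] || { echo "invalid CLUSTER_SIGNING_DURATION" >&2; exit 1; }`. The added line also writes `$CLUSTER_SIGNING_DURATION` where the neighbouring lines use the braced form, as in `${VOLUME_PLUGIN_DIR}`. start-kube-controller-manager begins and continues outside the hunk.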