Salt configuration to add basic auth to GCE.

2015-04-27 22:39:39 -07:00
parent 01f201945d
commit 8206aa9eac
5 changed files with 39 additions and 4 deletions
--- a/cluster/saltbase/salt/kube-apiserver/init.sls
+++ b/cluster/saltbase/salt/kube-apiserver/init.sls
@@ -9,6 +9,12 @@
 {% endif %}
 {% endif %}

+{% if grains['cloud'] is defined and grains['cloud'] == 'gce' %}
+/srv/kubernetes/basic_auth.csv:
+  file.managed:
+    - source: salt://kube-apiserver/basic_auth.csv
+{% endif %}
+
 # Copy kube-apiserver manifest to manifests folder for kubelet.
 /etc/kubernetes/manifests/kube-apiserver.manifest:
  file.managed:
@@ -20,7 +26,7 @@
    - makedirs: true
    - dir_mode: 755

-#stop legacy kube-apiserver service 
+#stop legacy kube-apiserver service
 stop_kube-apiserver:
  service.dead:
    - name: kube-apiserver
--- a/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest
+++ b/cluster/saltbase/salt/kube-apiserver/kube-apiserver.manifest
@@ -52,6 +52,7 @@
 {% endif -%}

 {% set token_auth_file = "--token_auth_file=/dev/null" -%}
+{% set basic_auth_file = "" -%}

 {% if grains.cloud is defined -%}
 {% if grains.cloud in [ 'aws', 'gce', 'vagrant' ] -%}
@@ -59,6 +60,10 @@
 {% endif -%}
 {% endif -%}

+{% if grains['cloud'] is defined and grains['cloud'] == 'gce' %}
+  {% set basic_auth_file = "--basic_auth_file=/srv/kubernetes/basic_auth.csv" -%}
+{% endif -%}
+
 {% set admission_control = "" -%}
 {% if pillar['admission_control'] is defined -%}
 {% set admission_control = "--admission_control=" + pillar['admission_control'] -%}
@@ -95,6 +100,7 @@
                 "--secure_port={{secure_port}}",
                 "{{token_auth_file}}",
                 "{{client_ca_file}}",
+                 "{{basic_auth_file}}",
                 "{{publicAddressOverride}}",
                 "{{pillar['log_level']}}"
               ],