cluster: bindmount more cert paths

/etc/ssl/certs is currently mounted through in a number of places. However, on Gentoo and CoreOS (and probably others), the files in /etc/ssl/certs are just symlinks to files in /usr/share/ca-certificates. For these components to correclty work, the target of the symlinks needs to be available as well. This is especially important for kube-controller-manager, where this issue was noticed. This change was originally part of #33965, but was split out for ease of review.
2016-12-07 15:21:53 -08:00
parent ca049360e2
commit b8d2099b3f
6 changed files with 51 additions and 2 deletions
--- a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest
+++ b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest
@@ -134,6 +134,9 @@
        { "name": "etcssl",
        "mountPath": "/etc/ssl",
        "readOnly": true},
+        { "name": "usrsharecacerts",
+        "mountPath": "/usr/share/ca-certificates",
+        "readOnly": true},
        { "name": "varssl",
        "mountPath": "/var/ssl",
        "readOnly": true},
@@ -161,6 +164,10 @@
    "hostPath": {
        "path": "/etc/ssl"}
  },
+  { "name": "usrsharecacerts",
+    "hostPath": {
+        "path": "/usr/share/ca-certificates"}
+  },
  { "name": "varssl",
    "hostPath": {
        "path": "/var/ssl"}