Merge pull request #7101 from liggitt/service_account

ServiceAccounts
2015-05-12 10:23:41 -07:00
parent 4e023e9f8e 92bd58ede6
commit d75bd8bf2a
79 changed files with 5907 additions and 24 deletions
--- a/cluster/aws/config-default.sh
+++ b/cluster/aws/config-default.sh
@@ -72,7 +72,7 @@ DNS_DOMAIN="kubernetes.local"
 DNS_REPLICAS=1

 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota
+ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota

 # Optional: Enable/disable public IP assignment for minions.
 # Important Note: disable only if you have setup a NAT instance for internet access and configured appropriate routes!
--- a/cluster/azure/config-default.sh
+++ b/cluster/azure/config-default.sh
@@ -49,4 +49,4 @@ ELASTICSEARCH_LOGGING_REPLICAS=1
 ENABLE_CLUSTER_MONITORING="${KUBE_ENABLE_CLUSTER_MONITORING:-true}"

 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota
+ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@@ -76,4 +76,4 @@ DNS_DOMAIN="kubernetes.local"
 DNS_REPLICAS=1

 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota
+ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@@ -74,4 +74,4 @@ DNS_SERVER_IP="10.0.0.10"
 DNS_DOMAIN="kubernetes.local"
 DNS_REPLICAS=1

-ADMISSION_CONTROL=NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota
+ADMISSION_CONTROL=NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota
--- a/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest
+++ b/cluster/saltbase/salt/kube-controller-manager/kube-controller-manager.manifest
@@ -24,6 +24,8 @@
 {% if grains.cloud is defined -%}
 {% set cloud_provider = "--cloud_provider=" + grains.cloud -%}

+{% set service_account_key = " --service_account_private_key_file=/srv/kubernetes/server.key " -%}
+
 {% if grains.cloud == 'gce' -%}
  {% if grains.cloud_config is defined -%}
    {% set cloud_config = "--cloud_config=" + grains.cloud_config -%}
@@ -55,7 +57,7 @@
 {% endif -%}
 {% endif -%}

-{% set params = "--master=127.0.0.1:8080" + " " + machines + " " + cluster_name + " " + cluster_cidr + " " + allocate_node_cidrs + " " + minion_regexp + " " + cloud_provider  + " " + sync_nodes + " " + cloud_config + " " + pillar['log_level'] -%}
+{% set params = "--master=127.0.0.1:8080" + " " + machines + " " + cluster_name + " " + cluster_cidr + " " + allocate_node_cidrs + " " + minion_regexp + " " + cloud_provider  + " " + sync_nodes + " " + cloud_config + service_account_key + pillar['log_level'] -%}

 {
 "apiVersion": "v1beta3",
--- a/cluster/vagrant/config-default.sh
+++ b/cluster/vagrant/config-default.sh
@@ -50,7 +50,7 @@ MASTER_USER=vagrant
 MASTER_PASSWD=vagrant

 # Admission Controllers to invoke prior to persisting objects in cluster
-ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ResourceQuota
+ADMISSION_CONTROL=NamespaceLifecycle,NamespaceAutoProvision,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota

 # Optional: Install node monitoring.
 ENABLE_NODE_MONITORING=true