Expose /etc/pki from host to kube-apiserver and controller-manager
CentOS 7 Core nodes running on OpenStack with an SSL-enabled API endpoint results in the following error without this patch: F0425 19:00:58.124520 5 server.go:100] Cloud provider could not be initialized: could not init cloud provider "openstack": Post https://my.openstack.cloud:5000/v2.0/tokens: x509: failed to load system roots and no roots provided The root cause is that the ca-bundle.crt file is actually a symlink which points to a directory which wasn't previously exposed. [root@kubernetesstack-master ~]# ls -l /etc/ssl/certs/ca-bundle.crt lrwxrwxrwx. 1 root root 49 18 nov 11:02 /etc/ssl/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem [root@kubernetesstack-master ~]#
This commit is contained in:
parent
5f929d2a4c
commit
dd786794e9
@ -168,8 +168,8 @@
|
||||
{ "name": "etcopenssl",
|
||||
"mountPath": "/etc/openssl",
|
||||
"readOnly": true},
|
||||
{ "name": "etcpkitls",
|
||||
"mountPath": "/etc/pki/tls",
|
||||
{ "name": "etcpki",
|
||||
"mountPath": "/etc/pki",
|
||||
"readOnly": true},
|
||||
{ "name": "srvsshproxy",
|
||||
"mountPath": "{{srv_sshproxy_path}}",
|
||||
@ -200,9 +200,9 @@
|
||||
"hostPath": {
|
||||
"path": "/etc/openssl"}
|
||||
},
|
||||
{ "name": "etcpkitls",
|
||||
{ "name": "etcpki",
|
||||
"hostPath": {
|
||||
"path": "/etc/pki/tls"}
|
||||
"path": "/etc/pki"}
|
||||
},
|
||||
{ "name": "srvsshproxy",
|
||||
"hostPath": {
|
||||
|
@ -121,8 +121,8 @@
|
||||
{ "name": "etcopenssl",
|
||||
"mountPath": "/etc/openssl",
|
||||
"readOnly": true},
|
||||
{ "name": "etcpkitls",
|
||||
"mountPath": "/etc/pki/tls",
|
||||
{ "name": "etcpki",
|
||||
"mountPath": "/etc/pki",
|
||||
"readOnly": true}
|
||||
]
|
||||
}
|
||||
@ -150,9 +150,9 @@
|
||||
"hostPath": {
|
||||
"path": "/etc/openssl"}
|
||||
},
|
||||
{ "name": "etcpkitls",
|
||||
{ "name": "etcpki",
|
||||
"hostPath": {
|
||||
"path": "/etc/pki/tls"}
|
||||
"path": "/etc/pki"}
|
||||
}
|
||||
]
|
||||
}}
|
||||
|
Loading…
Reference in New Issue
Block a user