Expose /etc/pki from host to kube-apiserver and controller-manager

CentOS 7 Core nodes running on OpenStack with an SSL-enabled API
endpoint results in the following error without this patch:

F0425 19:00:58.124520       5 server.go:100] Cloud provider could not be initialized: could not init cloud provider "openstack": Post https://my.openstack.cloud:5000/v2.0/tokens: x509: failed to load system roots and no roots provided

The root cause is that the ca-bundle.crt file is actually a symlink
which points to a directory which wasn't previously exposed.

[root@kubernetesstack-master ~]# ls -l /etc/ssl/certs/ca-bundle.crt
lrwxrwxrwx. 1 root root 49 18 nov 11:02 /etc/ssl/certs/ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@kubernetesstack-master ~]#
This commit is contained in:
Francois Deppierraz 2016-04-28 09:20:13 +02:00
parent 5f929d2a4c
commit dd786794e9
2 changed files with 8 additions and 8 deletions

View File

@ -168,8 +168,8 @@
{ "name": "etcopenssl",
"mountPath": "/etc/openssl",
"readOnly": true},
{ "name": "etcpkitls",
"mountPath": "/etc/pki/tls",
{ "name": "etcpki",
"mountPath": "/etc/pki",
"readOnly": true},
{ "name": "srvsshproxy",
"mountPath": "{{srv_sshproxy_path}}",
@ -200,9 +200,9 @@
"hostPath": {
"path": "/etc/openssl"}
},
{ "name": "etcpkitls",
{ "name": "etcpki",
"hostPath": {
"path": "/etc/pki/tls"}
"path": "/etc/pki"}
},
{ "name": "srvsshproxy",
"hostPath": {

View File

@ -121,8 +121,8 @@
{ "name": "etcopenssl",
"mountPath": "/etc/openssl",
"readOnly": true},
{ "name": "etcpkitls",
"mountPath": "/etc/pki/tls",
{ "name": "etcpki",
"mountPath": "/etc/pki",
"readOnly": true}
]
}
@ -150,9 +150,9 @@
"hostPath": {
"path": "/etc/openssl"}
},
{ "name": "etcpkitls",
{ "name": "etcpki",
"hostPath": {
"path": "/etc/pki/tls"}
"path": "/etc/pki"}
}
]
}}