github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,280 Commits 1 Branch 31 Tags
fba216c7b3e56b831b2ece5454e0da9ed82be480
Commit Graph

13 Commits

Author SHA1 Message Date
Eric Paris
0753acf2f8 Allow make-ca-cert.sh to run on OS X 
Currently make-ca-cert.sh uses (equiv of)

mktemp -d --tmpdir kube.XXXXX

but --tmpdir is not a valid option on OS X. Switch to

mktemp -d -t kube.XXXXX

Which is valid, but subtly different between OS X and Linux. The
directory you get back will be different on each.

Linux:  ${tmpdir}/kube.y5Bsu/
OS X:   ${tmpdir}/kube.XXXXX.VQ81oOui/
 2015-08-04 19:03:01 -04:00
Eric Paris
6b9ef5b2d8 generate-cert: allow for alternative paths 
Instead of hard coding kube-cert and /srv/kubernetes allow these to be
overwritten by environment variables.  / is immutable on some systems
and so /srv is not a possible location to store data.
 2015-08-04 19:01:16 -04:00
Justin Santa Barbara
c676c11189 AWS: Configure SSL certificate alternate-names 
GCE does this in its per-provider scripts; this does the same for AWS and lets
other providers do the same; I believe kube2sky requires 10.0.0.1 as a SAN.
 2015-07-03 01:18:07 -04:00
Robert Bailey
6c42cb154b Stop copying certs into /usr/share/nginx/ since nothing relies 
on that location any longer.
 2015-05-11 11:44:19 -07:00
Eric Paris
6b3a6e6b98 Make copyright ownership statement generic 
Instead of saying "Google Inc." (which is not always correct) say "The
Kubernetes Authors", which is generic.
 2015-05-01 17:49:56 -04:00
Kenjiro Nakayama
2e702b0c61 Replace hostname -f with uname -n 2015-04-20 14:16:21 -07:00
Jordan Liggitt
2de478f16c Make cert CN unique to avoid certificate serial number clashes 2014-12-18 15:13:32 -05:00
Brendan Burns
b07515c5ea Add some backward compatability for GKE. 2014-12-02 11:32:45 -08:00
Jeff Mendoza
9934a0ace4 Update cert generation for Azure. 2014-11-18 14:10:50 -08:00
Joe Beda
5a0159ea00 Get Vagrant to start using TLS client certs. 
Also fix up cert generation. It was failing during the first salt highstate when trying to chown the certs as the apiserver user didn't exist yet.  Fix this by creating a 'kube-cert' group and chgrping the files to that.  Then make the apiserver a member of that group.

Fixes #2365
Fixes #2368
 2014-11-13 22:16:45 -08:00
Richard Larocque
63d6e7cd9f make-cert.sh: Create directory before writing cert 
Adds a "mkdir -p" to the make-cert.sh.  This fixes an issue where the
script could fail if /srv/kubernetes did not exist previously.
 2014-11-13 16:39:09 -08:00
Eric Tune
19ec2234f9 Make server certs accessible to apiserver user. 2014-11-13 13:02:48 -08:00
Joe Beda
ee2f030623 Give the API server access to TLS certs. 
Moved the cert generation to a separate salt state and put it in a more appropriate sharable location (`/srv/kubernetes/`).
 2014-11-12 18:14:24 -08:00