github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
ee2f03062357e39beccdca79c0bf45c322c11049
kubernetes/cluster/saltbase/salt/apiserver/default
Joe Beda ee2f030623 Give the API server access to TLS certs. 
Moved the cert generation to a separate salt state and put it in a more appropriate sharable location (`/srv/kubernetes/`).
2014-11-12 18:14:24 -08:00

34 lines
1.2 KiB
Plaintext
Raw Blame History

{% set daemon_args = "$DAEMON_ARGS" %}
{% if grains['os_family'] == 'RedHat' %}
{% set daemon_args = "" %}
{% endif %}
{% set cloud_provider = "" %}
{% if grains.cloud_provider is defined %}
{% set cloud_provider = "-cloud_provider=" + grains.cloud_provider %}
{% endif %}
{% set address = "-address=127.0.0.1" %}
{% if grains.etcd_servers is defined %}
{% set etcd_servers = "-etcd_servers=http://" + grains.etcd_servers + ":4001" %}
{% else %}
{% set ips = salt['mine.get']('roles:kubernetes-master', 'network.ip_addrs', 'grain').values() %}
{% set etcd_servers = "-etcd_servers=http://" + ips[0][0] + ":4001" %}
{% endif %}
{% if grains.cloud is defined %}
{% if grains.cloud == 'gce' %}
{% set cloud_provider = "-cloud_provider=gce" %}
{% endif %}
{% endif %}
{% if pillar['portal_net'] is defined %}
{% set portal_net = "-portal_net=" + pillar['portal_net'] %}
{% endif %}
{% set cert_file = "-tls_cert_file=/srv/kubernetes/server.cert" %}
{% set key_file = "-tls_private_key_file=/srv/kubernetes/server.key" %}
DAEMON_ARGS="{{daemon_args}} {{address}} {{etcd_servers}} {{ cloud_provider }} --allow_privileged={{pillar['allow_privileged']}} {{portal_net}} {{cert_file}} {{key_file}}"
Reference in New Issue View Git Blame Copy Permalink