diff options
author | Andrew Butcher <abutcher@afrolegs.com> | 2016-08-25 10:52:46 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-08-25 10:52:46 -0400 |
commit | b8e72ea2143834317043f19cbc3dddf8ad9047a5 (patch) | |
tree | 7875c11faf79a5771894dea9405d7a4cd55ecdd3 | |
parent | d08a872a0392c100e86eed41f5d5372d226538c0 (diff) | |
parent | 05047e0e607598641eafac8eb8d9bbfa69bb7b2c (diff) | |
download | openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.tar.gz openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.tar.bz2 openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.tar.xz openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.zip |
Merge pull request #2358 from abutcher/service-serving-certs
enable service-serving-cert-signer by default
-rw-r--r-- | filter_plugins/openshift_master.py | 3 | ||||
-rw-r--r-- | roles/openshift_master/templates/master.yaml.v1.j2 | 7 |
2 files changed, 10 insertions, 0 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py index d196d6c1f..ee6a62ba5 100644 --- a/filter_plugins/openshift_master.py +++ b/filter_plugins/openshift_master.py @@ -550,6 +550,9 @@ class FilterModule(object): certs += ['openshift-master.crt', 'openshift-master.key', 'openshift-master.kubeconfig'] + if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']): + certs += ['service-signer.crt', + 'service-signer.key'] return certs @staticmethod diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 0683fa95a..ced3eb76f 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -44,6 +44,13 @@ auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }} {% endif %} controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }} {% endif %} +{% if openshift.common.version_gte_3_3_or_1_3 | bool %} +controllerConfig: + serviceServingCert: + signer: + certFile: service-signer.crt + keyFile: service-signer.key +{% endif %} controllers: '*' corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} |