summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@afrolegs.com>2016-08-25 10:52:46 -0400
committerGitHub <noreply@github.com>2016-08-25 10:52:46 -0400
commitb8e72ea2143834317043f19cbc3dddf8ad9047a5 (patch)
tree7875c11faf79a5771894dea9405d7a4cd55ecdd3
parentd08a872a0392c100e86eed41f5d5372d226538c0 (diff)
parent05047e0e607598641eafac8eb8d9bbfa69bb7b2c (diff)
downloadopenshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.tar.gz
openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.tar.bz2
openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.tar.xz
openshift-b8e72ea2143834317043f19cbc3dddf8ad9047a5.zip
Merge pull request #2358 from abutcher/service-serving-certs
enable service-serving-cert-signer by default
-rw-r--r--filter_plugins/openshift_master.py3
-rw-r--r--roles/openshift_master/templates/master.yaml.v1.j27
2 files changed, 10 insertions, 0 deletions
diff --git a/filter_plugins/openshift_master.py b/filter_plugins/openshift_master.py
index d196d6c1f..ee6a62ba5 100644
--- a/filter_plugins/openshift_master.py
+++ b/filter_plugins/openshift_master.py
@@ -550,6 +550,9 @@ class FilterModule(object):
certs += ['openshift-master.crt',
'openshift-master.key',
'openshift-master.kubeconfig']
+ if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']):
+ certs += ['service-signer.crt',
+ 'service-signer.key']
return certs
@staticmethod
diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2
index 0683fa95a..ced3eb76f 100644
--- a/roles/openshift_master/templates/master.yaml.v1.j2
+++ b/roles/openshift_master/templates/master.yaml.v1.j2
@@ -44,6 +44,13 @@ auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
{% endif %}
controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }}
{% endif %}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+controllerConfig:
+ serviceServingCert:
+ signer:
+ certFile: service-signer.crt
+ keyFile: service-signer.key
+{% endif %}
controllers: '*'
corsAllowedOrigins:
{% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}