-
Notifications
You must be signed in to change notification settings - Fork 714
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kubeadm cannot mount basic auth file for apiserver static pod #441
Labels
priority/backlog
Higher priority than priority/awaiting-more-evidence.
Milestone
Comments
luxas
added
the
priority/backlog
Higher priority than priority/awaiting-more-evidence.
label
Oct 20, 2017
cc @andrewrynhard as your PR will fix this as well |
@luxas @andrewrynhard Do you have a link to the PR? |
First PR is here: kubernetes/kubernetes#49840 |
k8s-github-robot
pushed a commit
to kubernetes/kubernetes
that referenced
this issue
Nov 1, 2017
Automatic merge from submit-queue (batch tested with PRs 49840, 54937, 54543). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. kubeadm: Make it possible to configure volume mounts via the config file **What this PR does / why we need it**: Kubeadm mounts host CA certs into api server and controller manager. It uses `/etc/pki` and does not allow for the path to be configurable. This PR adds a default to `/etc/pki` but also allows a user to configure the path in the config file. In the case of using Container Linux, the CAs are located at `/usr/share/ca-certificates`, so without this PR the hardcoded `/etc/pki` path is used and will break, for example, the `--cloud-provider` flag because of missing CAs. Fixes kubernetes/kubeadm#484 Fixes kubernetes/kubeadm#476 Fixes kubernetes/kubeadm#441 /cc @luxas
daohoangson
added a commit
to daohoangson/kubespray
that referenced
this issue
Jul 8, 2018
The referenced issue (kubernetes/kubeadm#441) has already been fixed.
okamototk
pushed a commit
to okamototk/kubespray
that referenced
this issue
Aug 4, 2018
The referenced issue (kubernetes/kubeadm#441) has already been fixed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Choose one: BUG REPORT
Versions
kubeadm version (use
kubeadm version
): v1.8.0-beta1Environment:
kubectl version
): v1.7.3uname -a
):What happened?
In kubeadm v1.7.3, /etc/kubernetes is mounted directly on kube-apiserver static pod. This allows me to specify
basic-auth-file: /etc/kubernetes/users/known_users.csv
in the apiServerExtraArgs section. In v1.8.0-beta1, this mount was removed. Now only very specific mounts are made. If I move my users file into my pki dir, then it could be seen, but I don't prefer to store my user file there.What you expected to happen?
Keep /etc/kubernetes mount or make an option to specify extra mount volumes.
How to reproduce it (as minimally and precisely as possible)?
Add to kubeadm config YAML:
Create a basic auth csv file.
Anything else we need to know?
There should be an option to make extra mounts for static pods for features like basic auth file
The text was updated successfully, but these errors were encountered: