From 4712f60eb472480ac69fb77364e38c068ba48396 Mon Sep 17 00:00:00 2001 From: Kaspars Skels Date: Sat, 30 Sep 2017 11:58:55 -0500 Subject: [PATCH] Use default k8s secure port based on docs OSH ingres controller clash with 443 port. Suggest to change k8s to align with defaults from docs Fix kube-dns policy error Change-Id: Iaca1957292a0a9b4de2be044ea12bec0c77c5301 --- .../charts/kube-dns/templates/rbac.yaml | 33 ------------------- .../etc/kubernetes/kubelet/kubeconfig.yaml | 2 +- .../etc/kubernetes/proxy/kubeconfig.yaml | 2 +- .../kubernetes/asset-loader/kubeconfig.yaml | 2 +- .../etc/kubernetes/genesis/kubeconfig.yaml | 2 +- .../etc/kubernetes/admin/kubeconfig.yaml | 2 +- .../controller-manager/kubeconfig.yaml | 2 +- .../kubelet/manifests/kube-apiserver.yaml | 2 +- .../etc/kubernetes/scheduler/kubeconfig.yaml | 2 +- 9 files changed, 8 insertions(+), 41 deletions(-) diff --git a/assets/etc/kubernetes/armada-loader/assets/charts/kube-dns/templates/rbac.yaml b/assets/etc/kubernetes/armada-loader/assets/charts/kube-dns/templates/rbac.yaml index 52db9471..3c25d22f 100644 --- a/assets/etc/kubernetes/armada-loader/assets/charts/kube-dns/templates/rbac.yaml +++ b/assets/etc/kubernetes/armada-loader/assets/charts/kube-dns/templates/rbac.yaml @@ -1,36 +1,3 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - labels: - kubernetes.io/bootstrapping: rbac-defaults - name: system:kube-dns -rules: -- apiGroups: - - "" - resources: - - endpoints - - services - verbs: - - list - - watch - ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - labels: - kubernetes.io/bootstrapping: rbac-defaults - name: system:kube-dns -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:kube-dns -subjects: -- kind: ServiceAccount - name: kube-dns - namespace: kube-system - --- apiVersion: v1 kind: ServiceAccount diff --git a/promenade/templates/common/etc/kubernetes/kubelet/kubeconfig.yaml b/promenade/templates/common/etc/kubernetes/kubelet/kubeconfig.yaml index 6876aa4f..41d9e6f9 100644 --- a/promenade/templates/common/etc/kubernetes/kubelet/kubeconfig.yaml +++ b/promenade/templates/common/etc/kubernetes/kubelet/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://kubernetes + server: https://kubernetes:6443 certificate-authority: /etc/kubernetes/kubelet/pki/cluster-ca.pem name: kubernetes contexts: diff --git a/promenade/templates/common/etc/kubernetes/proxy/kubeconfig.yaml b/promenade/templates/common/etc/kubernetes/proxy/kubeconfig.yaml index c38da35d..0c40dd43 100644 --- a/promenade/templates/common/etc/kubernetes/proxy/kubeconfig.yaml +++ b/promenade/templates/common/etc/kubernetes/proxy/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://kubernetes + server: https://kubernetes:6443 certificate-authority: /etc/kubernetes/proxy/pki/cluster-ca.pem name: kubernetes contexts: diff --git a/promenade/templates/genesis/etc/kubernetes/asset-loader/kubeconfig.yaml b/promenade/templates/genesis/etc/kubernetes/asset-loader/kubeconfig.yaml index 4509a40d..ff738781 100644 --- a/promenade/templates/genesis/etc/kubernetes/asset-loader/kubeconfig.yaml +++ b/promenade/templates/genesis/etc/kubernetes/asset-loader/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://kubernetes + server: https://kubernetes:6443 certificate-authority: /etc/kubernetes/asset-loader/pki/cluster-ca.pem name: kubernetes contexts: diff --git a/promenade/templates/genesis/etc/kubernetes/genesis/kubeconfig.yaml b/promenade/templates/genesis/etc/kubernetes/genesis/kubeconfig.yaml index 9df887fb..299c61b8 100644 --- a/promenade/templates/genesis/etc/kubernetes/genesis/kubeconfig.yaml +++ b/promenade/templates/genesis/etc/kubernetes/genesis/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://127.0.0.1 + server: https://127.0.0.1:6443 certificate-authority: /target/etc/kubernetes/admin/pki/cluster-ca.pem name: kubernetes contexts: diff --git a/promenade/templates/master/etc/kubernetes/admin/kubeconfig.yaml b/promenade/templates/master/etc/kubernetes/admin/kubeconfig.yaml index b5b5a837..f0c91bd7 100644 --- a/promenade/templates/master/etc/kubernetes/admin/kubeconfig.yaml +++ b/promenade/templates/master/etc/kubernetes/admin/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://kubernetes + server: https://kubernetes:6443 certificate-authority: /etc/kubernetes/admin/pki/cluster-ca.pem name: kubernetes contexts: diff --git a/promenade/templates/master/etc/kubernetes/controller-manager/kubeconfig.yaml b/promenade/templates/master/etc/kubernetes/controller-manager/kubeconfig.yaml index ee6b4e02..6ca9e747 100644 --- a/promenade/templates/master/etc/kubernetes/controller-manager/kubeconfig.yaml +++ b/promenade/templates/master/etc/kubernetes/controller-manager/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://kubernetes + server: https://kubernetes:6443 certificate-authority: /etc/kubernetes/controller-manager/pki/cluster-ca.pem name: kubernetes contexts: diff --git a/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-apiserver.yaml b/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-apiserver.yaml index f297ca0b..006c193e 100644 --- a/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-apiserver.yaml +++ b/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-apiserver.yaml @@ -26,7 +26,7 @@ spec: - --insecure-bind-address=127.0.0.1 - --bind-address=0.0.0.0 - --runtime-config=batch/v2alpha1=true - - --secure-port=443 + - --secure-port=6443 - --allow-privileged=true - --etcd-servers=https://kubernetes:2379 - --etcd-cafile=/etc/kubernetes/pki/etcd-client-ca.pem diff --git a/promenade/templates/master/etc/kubernetes/scheduler/kubeconfig.yaml b/promenade/templates/master/etc/kubernetes/scheduler/kubeconfig.yaml index 4f215d0d..20f7dcf1 100644 --- a/promenade/templates/master/etc/kubernetes/scheduler/kubeconfig.yaml +++ b/promenade/templates/master/etc/kubernetes/scheduler/kubeconfig.yaml @@ -2,7 +2,7 @@ apiVersion: v1 clusters: - cluster: - server: https://kubernetes + server: https://kubernetes:6443 certificate-authority: /etc/kubernetes/scheduler/pki/cluster-ca.pem name: kubernetes contexts: