summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl7
-rw-r--r--charts/apiserver/values.yaml6
2 files changed, 12 insertions, 1 deletions
diff --git a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
index 73f6ccf..9dc844f 100644
--- a/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
+++ b/charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl
@@ -61,7 +61,12 @@ spec:
61 {{- end }} 61 {{- end }}
62 {{- end }} 62 {{- end }}
63 {{- end }} 63 {{- end }}
64 64 {{- $acceptable_keys := list "tls-min-version" "tls-cipher-suites" }}
65 {{- range $key, $val := .Values.apiserver.tls }}
66 {{- if has $key $acceptable_keys }}
67 - --{{ $key }}={{ $val | quote }}
68 {{- end }}
69 {{- end }}
65 ports: 70 ports:
66 - containerPort: {{ .Values.network.kubernetes_apiserver.port }} 71 - containerPort: {{ .Values.network.kubernetes_apiserver.port }}
67 72
diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml
index b7c5ecf..231e9e1 100644
--- a/charts/apiserver/values.yaml
+++ b/charts/apiserver/values.yaml
@@ -121,6 +121,12 @@ apiserver:
121 etcd: 121 etcd:
122 endpoints: https://kubernetes-etcd.kube-system.svc.cluster.local 122 endpoints: https://kubernetes-etcd.kube-system.svc.cluster.local
123 host_etc_path: /etc/kubernetes/apiserver 123 host_etc_path: /etc/kubernetes/apiserver
124#XXX another possible configuration
125# tls:
126# tls-cipher-suites: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA"
127# # https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
128# #Possible values: VersionTLS10, VersionTLS11, VersionTLS12
129# tls-min-version: 'VersionTLS12'
124 130
125network: 131network:
126 kubernetes_apiserver: 132 kubernetes_apiserver: