*** Wartungsfenster jeden ersten Mittwoch vormittag im Monat ***

Skip to content
Snippets Groups Projects
Commit 20909116 authored by entlein's avatar entlein
Browse files

adding the service account issuer params, need to check if those paths exits,... 

adding the service account issuer params, need to check if those paths exits, if we have a PKI and how to stuff the openssl certs into this
parent a45f73f6
Branches
Tags hub-2.3.0
1 merge request!1Restore main as the default branch
Hide whitespace changes
Inline Side-by-side
roles/rke2/templates/config.yaml.j2
+ 8
1
View file @ 20909116
...@@ -39,7 +39,14 @@ resolv-conf: "{{ resolv_conf_server }}" ...@@ -39,7 +39,14 @@ resolv-conf: "{{ resolv_conf_server }}"
{# disable-cloud-controller: true #} {# disable-cloud-controller: true #}
write-kubeconfig-mode: "0644" write-kubeconfig-mode: "0644"
kube-apiserver-arg: "--feature-gates=ServiceAccountIssuerDiscovery=true,JobTrackingWithFinalizers=true,PodSecurity=true" kube-apiserver-arg: "--feature-gates=ServiceAccountIssuerDiscovery=true,JobTrackingWithFinalizers=true,PodSecurity=true"
kube-apiserver-extra-env: #TODO write nice for-loop
kube-ansible_default_ipv4:
extra_args:
service-account-issuer: "kubernetes.default.svc"
service-account-signing-key-file: "/etc/kubernetes/ssl/kube-service-account-token-key.pem"
service-account-key-file:"/etc/kubernetes/ssl/kube-service-account-token"
service-account-jwks-uri: "https://localhost:6443/openid/v1/jwks"
{% if cni is defined and cni | length > 0 %} {% if cni is defined and cni | length > 0 %}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment

[ 9.Nov 19h : 4,522 users | 1,074 groups | 6,332 projects ]