[MediaWiki-commits] [Gerrit] operations/puppet[production]: Enable k8s::controller manager ServiceAccount signing
Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/386755 )
Change subject: Enable k8s::controller manager ServiceAccount signing
..
Enable k8s::controller manager ServiceAccount signing
Specify the required hiera parameter to provide the controller manager
to create the tokens and secrets for ServiceAccounts
Bug: T177393
Change-Id: I202e547079f6ecf26d65d0ed87031a45019166a8
---
M hieradata/role/common/kubernetes/master.yaml
M hieradata/role/common/kubernetes/staging/master.yaml
2 files changed, 2 insertions(+), 0 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/role/common/kubernetes/master.yaml
b/hieradata/role/common/kubernetes/master.yaml
index aa84106..676e426 100644
--- a/hieradata/role/common/kubernetes/master.yaml
+++ b/hieradata/role/common/kubernetes/master.yaml
@@ -13,6 +13,7 @@
profile::kubernetes::master::ssl_cert_path:
"/etc/ssl/localcerts/kubemaster.svc.%{::site}.wmnet.crt"
profile::kubernetes::master::ssl_key_path:
"/etc/ssl/private/kubemaster.svc.%{::site}.wmnet.key"
profile::kubernetes::master::authz_mode: ''
+profile::kubernetes::master::service_account_private_key_file:
"/etc/ssl/private/kubemaster.svc.%{::site}.wmnet.key"
# TODO: This needs to become a profile
role::lvs::realserver::pools:
kubemaster: {}
diff --git a/hieradata/role/common/kubernetes/staging/master.yaml
b/hieradata/role/common/kubernetes/staging/master.yaml
index 00e562d..f4bc25c 100644
--- a/hieradata/role/common/kubernetes/staging/master.yaml
+++ b/hieradata/role/common/kubernetes/staging/master.yaml
@@ -14,6 +14,7 @@
profile::kubernetes::master::ssl_cert_path: "/etc/kubernetes/ssl/cert.pem"
profile::kubernetes::master::ssl_key_path: "/etc/kubernetes/ssl/server.key"
profile::kubernetes::master::authz_mode: ''
+profile::kubernetes::master::service_account_private_key_file:
"/etc/kubernetes/ssl/server.key"
profile::kubernetes::master::service_cluster_ip_range: 10.64.76.0/24
profile::kubernetes::master::etcd_urls:
- https://kubestagetcd1001.eqiad.wmnet:2379
--
To view, visit https://gerrit.wikimedia.org/r/386755
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I202e547079f6ecf26d65d0ed87031a45019166a8
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris
Gerrit-Reviewer: Alexandros Kosiaris
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Enable k8s::controller manager ServiceAccount signing
Alexandros Kosiaris has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/386755 )
Change subject: Enable k8s::controller manager ServiceAccount signing
..
Enable k8s::controller manager ServiceAccount signing
Specify the required hiera parameter to provide the controller manager
to create the tokens and secrets for ServiceAccounts
Bug: T177393
Change-Id: I202e547079f6ecf26d65d0ed87031a45019166a8
---
M hieradata/role/common/kubernetes/master.yaml
M hieradata/role/common/kubernetes/staging/master.yaml
2 files changed, 2 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/55/386755/1
diff --git a/hieradata/role/common/kubernetes/master.yaml
b/hieradata/role/common/kubernetes/master.yaml
index aa84106..676e426 100644
--- a/hieradata/role/common/kubernetes/master.yaml
+++ b/hieradata/role/common/kubernetes/master.yaml
@@ -13,6 +13,7 @@
profile::kubernetes::master::ssl_cert_path:
"/etc/ssl/localcerts/kubemaster.svc.%{::site}.wmnet.crt"
profile::kubernetes::master::ssl_key_path:
"/etc/ssl/private/kubemaster.svc.%{::site}.wmnet.key"
profile::kubernetes::master::authz_mode: ''
+profile::kubernetes::master::service_account_private_key_file:
"/etc/ssl/private/kubemaster.svc.%{::site}.wmnet.key"
# TODO: This needs to become a profile
role::lvs::realserver::pools:
kubemaster: {}
diff --git a/hieradata/role/common/kubernetes/staging/master.yaml
b/hieradata/role/common/kubernetes/staging/master.yaml
index 00e562d..f4bc25c 100644
--- a/hieradata/role/common/kubernetes/staging/master.yaml
+++ b/hieradata/role/common/kubernetes/staging/master.yaml
@@ -14,6 +14,7 @@
profile::kubernetes::master::ssl_cert_path: "/etc/kubernetes/ssl/cert.pem"
profile::kubernetes::master::ssl_key_path: "/etc/kubernetes/ssl/server.key"
profile::kubernetes::master::authz_mode: ''
+profile::kubernetes::master::service_account_private_key_file:
"/etc/kubernetes/ssl/server.key"
profile::kubernetes::master::service_cluster_ip_range: 10.64.76.0/24
profile::kubernetes::master::etcd_urls:
- https://kubestagetcd1001.eqiad.wmnet:2379
--
To view, visit https://gerrit.wikimedia.org/r/386755
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I202e547079f6ecf26d65d0ed87031a45019166a8
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
