Remove /etc/ssl/certs in the controller manager pod
For system such as Fedora Atomic, the CA bundle files which are contained in /etc/ssl/certs are symbolic links to /etc/pki. When configuring the controller manager to use an SSL endpoint, it will raise an error as it is unable to authenticate the SSL endpoint. This patch removes the host mount at /etc/ssl/certs. The Hyperkube images already ship a collection of CAs which are likely good for all needs. Closes-Bug: #1708452 Change-Id: Ife2b60d1968482a8c3ab9b44abbe401c6230881c
This commit is contained in:
parent
4fb91cc109
commit
ae15aa6c28
|
@ -59,16 +59,10 @@ $(generate_pod_args " - " $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUB
|
|||
initialDelaySeconds: ${SYSTEM_PODS_INITIAL_DELAY}
|
||||
timeoutSeconds: ${SYSTEM_PODS_TIMEOUT}
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
- mountPath: /etc/kubernetes
|
||||
name: kubernetes-config
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
- hostPath:
|
||||
path: /etc/kubernetes
|
||||
name: kubernetes-config
|
||||
|
@ -105,16 +99,10 @@ $(generate_pod_args " - " $KUBE_LOGTOSTDERR $KUBE_LOG_LEVEL $KUBE_MASTER $KUB
|
|||
initialDelaySeconds: ${SYSTEM_PODS_INITIAL_DELAY}
|
||||
timeoutSeconds: ${SYSTEM_PODS_TIMEOUT}
|
||||
volumeMounts:
|
||||
- mountPath: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
readOnly: true
|
||||
- mountPath: /etc/kubernetes
|
||||
name: kubernetes-config
|
||||
readOnly: true
|
||||
volumes:
|
||||
- hostPath:
|
||||
path: /etc/ssl/certs
|
||||
name: ssl-certs-host
|
||||
- hostPath:
|
||||
path: /etc/kubernetes
|
||||
name: kubernetes-config
|
||||
|
|
Loading…
Reference in New Issue