mirrors/kubernetes-the-hard-way
1
0
Fork 0
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way.git synced 2025-09-18 01:50:40 +03:00
Code Issues Projects Releases Wiki Activity

Fix bug in renewer code

Browse Source
This commit is contained in:
Carl Tashian
2022-03-22 14:54:26 -07:00
parent 300f2fc77c
commit 340050478d
1 changed files with 5 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
docs/13-certificate-renewal.md
View File

@@ -142,8 +142,7 @@ sudo mkdir /etc/systemd/system/cert-renewer@kube-controller-manager.service.d
cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-controller-manager.service.d/override.conf cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-controller-manager.service.d/override.conf
[Service] [Service]
Environment=STEPPATH=/root/.step \\ Environment=STEPPATH=/root/.step \\
CERT_LOCATION=/var/lib/kubernetes/kube-controller-manager.pem CERT_LOCATION=/var/lib/kubernetes/kube-controller-manager.pem \\
\\
KEY_LOCATION=/var/lib/kubernetes/kube-controller-manager-key.pem KEY_LOCATION=/var/lib/kubernetes/kube-controller-manager-key.pem
ExecStartPost=kubectl config set-credentials system:kube-controller-manager \\ ExecStartPost=kubectl config set-credentials system:kube-controller-manager \\
@@ -167,8 +166,7 @@ sudo mkdir /etc/systemd/system/cert-renewer@kube-scheduler.service.d
cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-scheduler.service.d/override.conf cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-scheduler.service.d/override.conf
[Service] [Service]
Environment=STEPPATH=/root/.step \\ Environment=STEPPATH=/root/.step \\
CERT_LOCATION=/var/lib/kubernetes/kube-scheduler.pem CERT_LOCATION=/var/lib/kubernetes/kube-scheduler.pem \\
\\
KEY_LOCATION=/var/lib/kubernetes/kube-scheduler-key.pem KEY_LOCATION=/var/lib/kubernetes/kube-scheduler-key.pem
ExecStartPost=kubectl config set-credentials system:kube-scheduler \\ ExecStartPost=kubectl config set-credentials system:kube-scheduler \\
@@ -212,8 +210,7 @@ sudo mkdir /etc/systemd/system/cert-renewer@kube-service-account.service.d
cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-service-account.service.d/override.conf cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-service-account.service.d/override.conf
[Service] [Service]
Environment=STEPPATH=/root/.step \\ Environment=STEPPATH=/root/.step \\
CERT_LOCATION=/var/lib/kubernetes/service-account.pem CERT_LOCATION=/var/lib/kubernetes/service-account.pem \\
\\
KEY_LOCATION=/var/lib/kubernetes/service-account-key.pem KEY_LOCATION=/var/lib/kubernetes/service-account-key.pem
; Restart services that use the service account certificate or key ; Restart services that use the service account certificate or key
@@ -244,8 +241,7 @@ sudo mkdir /etc/systemd/system/cert-renewer@kubelet.service.d
cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kubelet.service.d/override.conf cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kubelet.service.d/override.conf
[Service] [Service]
Environment=STEPPATH=/root/.step \\ Environment=STEPPATH=/root/.step \\
CERT_LOCATION=/var/lib/kubelet/${HOSTNAME}.pem CERT_LOCATION=/var/lib/kubelet/${HOSTNAME}.pem \\
\\
KEY_LOCATION=/var/lib/kubelet/${HOSTNAME}-key.pem KEY_LOCATION=/var/lib/kubelet/${HOSTNAME}-key.pem
; Restart services that use the service account certificate or key ; Restart services that use the service account certificate or key
@@ -264,8 +260,7 @@ sudo mkdir /etc/systemd/system/cert-renewer@kube-proxy.service.d
cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-proxy.service.d/override.conf cat <<EOF | sudo tee /etc/systemd/system/cert-renewer@kube-proxy.service.d/override.conf
[Service] [Service]
Environment=STEPPATH=/root/.step \\ Environment=STEPPATH=/root/.step \\
CERT_LOCATION=/var/lib/kube-proxy/kube-proxy.pem CERT_LOCATION=/var/lib/kube-proxy/kube-proxy.pem \\
\\
KEY_LOCATION=/var/lib/kube-proxy/kube-proxy.pem KEY_LOCATION=/var/lib/kube-proxy/kube-proxy.pem
ExecStartPost=kubectl config set-credentials system:kube-proxy \\ ExecStartPost=kubectl config set-credentials system:kube-proxy \\