Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ansible kube-apiserver设计漏洞 #727

Closed
Hello-Linux opened this issue Nov 7, 2019 · 4 comments
Closed

ansible kube-apiserver设计漏洞 #727

Hello-Linux opened this issue Nov 7, 2019 · 4 comments
Labels
stale

Comments

@Hello-Linux
Copy link
Contributor

我看在你设计的ansible安装kube-apiserver启动参数里面写死了--kubelet-client-key={{ ca_dir }}/admin-key.pem 但是如果我在安装过程中USER_NAME: "read" 为read的话最后ansible生成的证书私钥就是read.pem了,后面你安装apiserver肯定会报错的,这个逻辑bug必须修复吧!

000
001
002
@gjmzj
Copy link
Collaborator

gjmzj commented Nov 7, 2019

确实这块逻辑确实要调整下,其实为了整个流程跑完 admin.pem/admin-key.pem是必不可少的;创建read权限应该作为额外功能/需求,不应该耦合在安装脚本中;

@Hello-Linux
Copy link
Contributor Author

@gjmzj 嗯嗯 后面可以将创建read权限单独做一个自定义选择,admin默认生成。

gjmzj added a commit that referenced this issue Nov 17, 2019
@gjmzj
分离生成read权限kubeconfig #727
faf78af
@github-actions
Copy link

This issue is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Jan 28, 2023
@github-actions
Copy link

github-actions bot commented Feb 4, 2023

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions github-actions bot closed this as completed Feb 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Hello-Linux @gjmzj