
Configure Keystone Authentication

zioproto committed Jan 24, 2018
1 parent 36a8c8e commit b966b1e0452a6857334c6881cba9bd7f6bc562f3
Showing with 88 additions and 0 deletions.
  1. +55 −0 files/k8s-keystone-auth.yaml.j2
  2. +17 −0 files/webhook.kubeconfig.yaml
  3. +16 −0 roles/kubeadm-master/tasks/main.yaml
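--- a/files/k8s-keystone-auth.yaml.j2
+++ b/files/k8s-keystone-auth.yaml.j2
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: Pod
+metadata:
+annotations:
+scheduler.alpha.kubernetes.io/critical-pod: ""
+creationTimestamp: null
+labels:
+component: k8s-keystone-auth
+tier: control-plane
+name: k8s-keystone-auth
+namespace: kube-system
+spec:
+containers:
+- command:
+- ./bin/k8s-keystone-auth
+- --tls-cert-file
+- /etc/kubernetes/pki/apiserver.crt
+- --tls-private-key-file
+- /etc/kubernetes/pki/apiserver.key
+- --keystone-url
+- {{ lookup('env','OS_AUTH_URL') | replace("v2.0","v3") }}
+image: zioproto/k8s-keystone-auth
+imagePullPolicy: Always
+#livenessProbe:
+# failureThreshold: 8
+# httpGet:
+# host: 127.0.0.1
+# path: /healthz
+# port: 6443
+# scheme: HTTPS
+# initialDelaySeconds: 15
+# timeoutSeconds: 15
+name: k8s-keystone-auth
+resources:
+requests:
+cpu: 250m
+volumeMounts:
+- mountPath: /etc/kubernetes/pki
+name: k8s-certs
+readOnly: true
+- mountPath: /etc/ssl/certs
+name: ca-certs
+readOnly: true
+hostNetwork: true
+volumes:
+- hostPath:
+path: /etc/kubernetes/pki
+type: DirectoryOrCreate
+name: k8s-certs
+- hostPath:
+path: /etc/ssl/certs
+type: DirectoryOrCreate
+name: ca-certs
+status: {}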
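Review bot: `image: zioproto/k8s-keystone-auth` has no tag or digest and is paired with `imagePullPolicy: Always`, yet this pod runs with `hostNetwork: true` and mounts the whole `/etc/kubernetes/pki` host directory, so whatever that repository serves at the next restart runs on the control-plane node with read access to `apiserver.key` and anything else stored there. Pin the image by digest, e.g. `image: zioproto/k8s-keystone-auth@sha256:<DIGEST_PLACEHOLDER>`, and consider issuing the webhook its own serving certificate mounted from a dedicated directory instead of reusing the API server's key pair. The `--keystone-url` value comes from `OS_AUTH_URL` on the Ansible controller; if that variable is unset the template presumably renders an empty list item, so a pre-flight assert in the role would be worth adding.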
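--- a/files/webhook.kubeconfig.yaml
+++ b/files/webhook.kubeconfig.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+clusters:
+- cluster:
+insecure-skip-tls-verify: true
+server: https://localhost:8443/webhook
+name: webhook
+contexts:
+- context:
+cluster: webhook
+user: webhook
+name: webhook
+current-context: webhook
+kind: Config
+preferences: {}
+users:
+- name: webhook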
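Review bot: `insecure-skip-tls-verify: true` in the `webhook` cluster entry makes the API server send every bearer token it is asked to validate to whatever process answers on `localhost:8443` without checking its certificate, and then accept the identity that process returns. The webhook pod is already started with a serving certificate, so replace that line with `certificate-authority: <PATH_TO_CA_THAT_SIGNED_THE_WEBHOOK_CERT>` and point `server:` at a host name present in that certificate's SANs; whether `localhost` is one of them cannot be told from this page. A short comment above `server:` saying that the webhook listens on the master's host network would also explain why `localhost` is used.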
@@ -28,6 +28,22 @@
dest: /etc/kubernetes/manifests/kube-controller-manager.yaml
src: files/kube-controller-manager.yaml
- name: Upload webook kubeconfig file
copy:
dest: /etc/kubernetes/pki/webhook.kubeconfig.yaml
src: files/webhook.kubeconfig.yaml
- name: Upload webook kubeconfig file
template:
dest: /etc/kubernetes/manifests/k8s-keystone-auth.yaml
src: files/k8s-keystone-auth.yaml.j2
- name: Configure keystone integration
blockinfile:
insertbefore: 'image: '
block: " - --authentication-token-webhook-config-file=/etc/kubernetes/pki/webhook.kubeconfig.yaml"
path: /etc/kubernetes/manifests/kube-apiserver.yaml
- name: Ensure kubectl configuration directory is present
become: True
file:
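Review bot: The second added task reuses the name `Upload webook kubeconfig file` although it templates the static-pod manifest, which makes play output and `--start-at-task` ambiguous; rename it to something like `- name: Upload k8s-keystone-auth static pod manifest` and fix the `webook` typo in the first. The `blockinfile` task anchors on `insertbefore: 'image: '` and hard-codes the indentation of the inserted flag, so it depends on the exact layout of the generated `kube-apiserver.yaml`; the edit would presumably also be lost if that manifest is regenerated. Neither `copy` nor `template` sets `owner:`/`mode:`, so both files, which now steer API-server authentication, get whatever the defaults are; stating e.g. `mode: '0600'` explicitly would make the intent reviewable. The trailing `Ensure kubectl configuration directory is present` task continues outside this hunk.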
