37981f9fb1
* Require Webhook authorization to the Kubelet
* Switch the apiserver X509 client cert org to system:masters to grant the apiserver admin and satisfy the authorization requirement. kubectl commands like logs or exec, which have the apiserver make requests to a kubelet, continue to work as before
* https://kubernetes.io/docs/admin/kubelet-authentication-authorization/
* https://github.com/poseidon/typhoon/issues/215
# Self-hosted Kubernetes assets (kubeconfig, manifests)
module "bootkube" {
  # The asset renderer is pinned to a full commit SHA rather than a branch or
  # tag, so the rendered output only changes when this ref is edited.
  source = "git::https://github.com/poseidon/terraform-render-bootkube.git?ref=28f68db28e06e9fe3422ed49c98986375783a862"

  # Cluster identity and control-plane endpoints.
  # api_servers is a single name built as <cluster_name>.<dns_zone>;
  # etcd_servers are the FQDNs of the aws_route53_record.etcds records.
  cluster_name = "${var.cluster_name}"
  api_servers  = ["${format("%s.%s", var.cluster_name, var.dns_zone)}"]
  etcd_servers = ["${aws_route53_record.etcds.*.fqdn}"]

  # Output directory for the rendered assets (kubeconfig, manifests).
  # NOTE(review): presumably this also receives cluster credentials and TLS
  # private keys; confirm against the module, keep the directory out of
  # version control and restrict its filesystem permissions.
  asset_dir = "${var.asset_dir}"

  # Cluster networking settings, passed through from this module's variables.
  networking            = "${var.networking}"
  network_mtu           = "${var.network_mtu}"
  pod_cidr              = "${var.pod_cidr}"
  service_cidr          = "${var.service_cidr}"
  cluster_domain_suffix = "${var.cluster_domain_suffix}"

  # Fedora: host certificate directory handed to the module.
  # NOTE(review): presumably used as the trusted CA source for control-plane
  # components; confirm against the module's variable documentation.
  trusted_certs_dir = "/etc/pki/tls/certs"
}