Skip to content

Commit

Permalink
fix required keys for apiserver
Browse files Browse the repository at this point in the history 
Keys --service-account-issuer --service-account-signing-key-file are now
required.

aenix-io/kubefarm#2
  • Loading branch information
@kvaps
kvaps committed Mar 2, 2021
1 parent 23f8396 commit c3573df
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions deploy/helm/kubernetes/templates/apiserver-deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,9 +80,9 @@ spec:
- --tls-cert-file=/pki/apiserver-server/tls.crt
- --tls-private-key-file=/pki/apiserver-server/tls.key
- --egress-selector-config-file=/etc/kubernetes/egress-selector-configuration.yaml
{{- if .Values.konnectivityAgent.enabled }}{{"\n"}}
- --service-account-issuer=api
- --service-account-issuer=https://kubernetes.default.svc.cluster.local
- --service-account-signing-key-file=/pki/sa/tls.key
{{- if .Values.konnectivityAgent.enabled }}{{"\n"}}
- --api-audiences=system:konnectivity-server
{{- end }}
{{- if not (hasKey .Values.apiServer.extraArgs "advertise-address") }}
Expand Down

0 comments on commit c3573df

Please sign in to comment.