openstack
/
magnum
Code Issues Proposed changes
magnum/magnum/drivers/common/templates/kubernetes/fragments
History
Feilong Wang 16344a5a95 Add separated CA cert for etcd and front-proxy 
Support creating different for k8s, etcd and front-proxy for
security hardening. We're following some best practices[1][2] but
adjusted based on the current Magnum deployment approach.

[1] https://kubernetes.io/docs/setup/best-practices/certificates/
[2] https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/

Task: 40687
Story: 2008031

Change-Id: I523a4a85867f82d234ba1f3e6fad8b8cd2291182
 		2021-04-01 17:31:34 +00:00
..
add-proxy.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
calico-service-v3-3-x.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
calico-service.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
configure-etcd.sh Merge "Remove shebang from scripts" 2020-06-26 16:02:18 +00:00
configure-kubernetes-master.sh Add separated CA cert for etcd and front-proxy 2021-04-01 17:31:34 +00:00
configure-kubernetes-minion.sh Merge "k8s: Do not use insecure api port" 2021-02-10 10:00:26 +00:00
core-dns-service.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
disable-selinux.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
enable-auto-healing.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-auto-scaling.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-cert-api-manager.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
enable-cinder-csi.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-helm-tiller.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-ingress-controller.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
enable-ingress-octavia.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-ingress-traefik.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-keystone-auth.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-prometheus-monitoring.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-services-master.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
enable-services-minion.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
flannel-service.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
install-clients.sh k8s-fcos: Source bashrc for clusterconfig 2020-11-09 11:11:10 +00:00
install-cri.sh Update containerd version and tarball URL 2021-01-05 09:35:44 +00:00
install-helm-modules.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
kube-apiserver-to-kubelet-role.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
kube-dashboard-service.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
make-cert-client.sh [k8s] Support CA certs rotate 2020-08-24 16:31:58 +12:00
make-cert.sh Add separated CA cert for etcd and front-proxy 2021-04-01 17:31:34 +00:00
rotate-kubernetes-ca-certs-master.sh [k8s] Support CA certs rotate 2020-08-24 16:31:58 +12:00
rotate-kubernetes-ca-certs-worker.sh [k8s] Support CA certs rotate 2020-08-24 16:31:58 +12:00
start-container-agent.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
upgrade-kubernetes.sh [k8s] Support CA certs rotate 2020-08-24 16:31:58 +12:00
wc-notify-master.sh k8s: Do not use insecure api port 2021-02-02 09:10:25 +00:00
write-heat-params-master.sh 3. Configure monitoring apps path based endpoints 2021-02-05 15:52:52 +00:00
write-heat-params.sh Remove shebang from scripts 2020-06-16 20:53:07 +00:00
write-kube-os-config.sh Fix Cinder CSI 2020-11-19 20:14:22 +00:00