Make cluster-config rbac compatible for kubebernetes
The user admin needs to have system:master in the organization and needs to be named admin. Closes-Bug: #1689849 Change-Id: If43c3d0a0d83c42ff1fceffe4bcc333b31dbdaab
This commit is contained in:
parent
e3202b95e1
commit
2d5efb2e4d
|
@ -193,13 +193,13 @@ def _config_cluster_kubernetes(cluster, cluster_template,
|
||||||
"contexts:\n"
|
"contexts:\n"
|
||||||
"- context:\n"
|
"- context:\n"
|
||||||
" cluster: %(name)s\n"
|
" cluster: %(name)s\n"
|
||||||
" user: %(name)s\n"
|
" user: admin\n"
|
||||||
" name: %(name)s\n"
|
" name: default\n"
|
||||||
"current-context: %(name)s\n"
|
"current-context: default\n"
|
||||||
"kind: Config\n"
|
"kind: Config\n"
|
||||||
"preferences: {}\n"
|
"preferences: {}\n"
|
||||||
"users:\n"
|
"users:\n"
|
||||||
"- name: %(name)s\n"
|
"- name: admin\n"
|
||||||
" user:\n"
|
" user:\n"
|
||||||
" client-certificate: %(cfg_dir)s/cert.pem\n"
|
" client-certificate: %(cfg_dir)s/cert.pem\n"
|
||||||
" client-key: %(cfg_dir)s/key.pem\n"
|
" client-key: %(cfg_dir)s/key.pem\n"
|
||||||
|
@ -249,9 +249,11 @@ def generate_csr_and_key():
|
||||||
key_size=2048,
|
key_size=2048,
|
||||||
backend=default_backend())
|
backend=default_backend())
|
||||||
|
|
||||||
csr = x509.CertificateSigningRequestBuilder().subject_name(x509.Name([
|
csr = x509.CertificateSigningRequestBuilder().subject_name(
|
||||||
x509.NameAttribute(NameOID.COMMON_NAME, u"Magnum User"),
|
x509.Name([
|
||||||
])).sign(key, hashes.SHA256(), default_backend())
|
x509.NameAttribute(NameOID.COMMON_NAME, u"admin"),
|
||||||
|
x509.NameAttribute(NameOID.ORGANIZATION_NAME, u"system:masters")
|
||||||
|
])).sign(key, hashes.SHA256(), default_backend())
|
||||||
|
|
||||||
result = {
|
result = {
|
||||||
'csr': csr.public_bytes(
|
'csr': csr.public_bytes(
|
||||||
|
|
Loading…
Reference in New Issue