Skip to content
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

Commit

Permalink
enable AggregatedAPI's by default for k8s 1.9.0+ (#2264)
Browse files Browse the repository at this point in the history
  • Loading branch information
pidah authored and jackfrancis committed Feb 14, 2018
1 parent 84f0819 commit bb26c50
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 4 deletions.
6 changes: 3 additions & 3 deletions parts/k8s/kubernetesmastercustomdata.yml
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ write_files:
content: |
{{WrapAsVariable "clientCertificate"}}
{{if .OrchestratorProfile.KubernetesConfig.EnableAggregatedAPIs}}
{{if EnableAggregatedAPIs}}
- path: "/etc/kubernetes/generate-proxy-certs.sh"
permissions: "0744"
encoding: "gzip"
Expand Down Expand Up @@ -323,7 +323,7 @@ MASTER_ARTIFACTS_CONFIG_PLACEHOLDER
mkdir -p /etc/kubernetes/manifests
usermod -aG docker {{WrapAsVariable "username"}}
{{if .OrchestratorProfile.KubernetesConfig.EnableAggregatedAPIs}}
{{if EnableAggregatedAPIs}}
sudo bash /etc/kubernetes/generate-proxy-certs.sh
{{end}}
Expand Down Expand Up @@ -376,7 +376,7 @@ runcmd:
- mkdir -p /etc/kubernetes/manifests
- usermod -aG docker {{WrapAsVariable "username"}}
- /usr/lib/apt/apt.systemd.daily
{{if .OrchestratorProfile.KubernetesConfig.EnableAggregatedAPIs}}
{{if EnableAggregatedAPIs}}
- bash /etc/kubernetes/generate-proxy-certs.sh
{{end}}
- apt-mark unhold walinuxagent
Expand Down
2 changes: 1 addition & 1 deletion pkg/acsengine/defaults-apiserver.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ func setAPIServerConfig(cs *api.ContainerService) {
}

// Aggregated API configuration
if o.KubernetesConfig.EnableAggregatedAPIs {
if o.KubernetesConfig.EnableAggregatedAPIs || isKubernetesVersionGe(o.OrchestratorVersion, "1.9.0") {
staticLinuxAPIServerConfig["--requestheader-client-ca-file"] = "/etc/kubernetes/certs/proxy-ca.crt"
staticLinuxAPIServerConfig["--proxy-client-cert-file"] = "/etc/kubernetes/certs/proxy.crt"
staticLinuxAPIServerConfig["--proxy-client-key-file"] = "/etc/kubernetes/certs/proxy.key"
Expand Down
8 changes: 8 additions & 0 deletions pkg/acsengine/engine.go
Original file line number Diff line number Diff line change
Expand Up @@ -1599,6 +1599,14 @@ func (t *TemplateGenerator) getTemplateFuncMap(cs *api.ContainerService) templat
"EnableDataEncryptionAtRest": func() bool {
return helpers.IsTrueBoolPointer(cs.Properties.OrchestratorProfile.KubernetesConfig.EnableDataEncryptionAtRest)
},
"EnableAggregatedAPIs": func() bool {
if cs.Properties.OrchestratorProfile.KubernetesConfig.EnableAggregatedAPIs {
return true
} else if isKubernetesVersionGe(cs.Properties.OrchestratorProfile.OrchestratorVersion, "1.9.0") {
return true
}
return false
},
// inspired by http://stackoverflow.com/questions/18276173/calling-a-template-with-several-pipeline-parameters/18276968#18276968
"dict": func(values ...interface{}) (map[string]interface{}, error) {
if len(values)%2 != 0 {
Expand Down

0 comments on commit bb26c50

Please sign in to comment.