43 lines
1.4 KiB
YAML
43 lines
1.4 KiB
YAML
#cloud-config
|
|
merge_how: dict(recurse_array)+list(append)
|
|
bootcmd:
|
|
- mkdir -p /srv/salt-overlay/salt/kube-apiserver
|
|
- mkdir -p /srv/salt-overlay/salt/kubelet
|
|
write_files:
|
|
- path: /srv/salt-overlay/salt/kube-apiserver/basic_auth.csv
|
|
permissions: "0600"
|
|
content: |
|
|
$apiserver_password,$apiserver_user,admin
|
|
- path: /srv/salt-overlay/salt/kube-apiserver/known_tokens.csv
|
|
permissions: "0600"
|
|
content: |
|
|
$token_kubelet,kubelet,kubelet
|
|
$token_kube_proxy,kube_proxy,kube_proxy
|
|
TokenSystemScheduler,system:scheduler,system:scheduler
|
|
TokenSystemControllerManager,system:controller_manager,system:controller_manager
|
|
TokenSystemLogging,system:logging,system:logging
|
|
TokenSystemMonitoring,system:monitoring,system:monitoring
|
|
TokenSystemDns,system:dns,system:dns
|
|
- path: /srv/salt-overlay/salt/kubelet/kubernetes_auth
|
|
permissions: "0600"
|
|
content: |
|
|
{"BearerToken": "$token_kubelet", "Insecure": true }
|
|
- path: /srv/salt-overlay/salt/kubelet/kubeconfig
|
|
permissions: "0600"
|
|
content: |
|
|
apiVersion: v1
|
|
kind: Config
|
|
users:
|
|
- name: kubelet
|
|
user:
|
|
token: $token_kubelet
|
|
clusters:
|
|
- name: local
|
|
cluster:
|
|
insecure-skip-tls-verify: true
|
|
contexts:
|
|
- context:
|
|
cluster: local
|
|
user: kubelet
|
|
name: service-account-context
|
|
current-context: service-account-context
|