Hi Sergey, In magnum queens we can set the private ca as a service account key. Here [1] we can set the ca.key file. When the label cert_manager_api is set to true.
Cheers, Spyros [1] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh#L32 On 20 April 2018 at 19:57, Sergey Filatov <[email protected]> wrote: > Hello, > > I looked into k8s drivers for magnum I see that each api-server on master > node generates it’s own service-account-key-file. This causes issues with > service-accounts authenticating on api-server. (In case api-server endpoint > moves). > As far as I understand we should have either all api-server keys synced on > api-servesr or pre-generate single api-server key. > > What is the way for magnum to get over this issue? > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
