Diffstat (limited to 'roles')
-rw-r--r--roles/kubernetes/standalone/base/tasks/tls.yml4
-rw-r--r--roles/monitoring/prometheus/exporter/standalone-kubelet/tasks/main.yml6
2 files changed, 9 insertions, 1 deletions
diff --git a/roles/kubernetes/standalone/base/tasks/tls.yml b/roles/kubernetes/standalone/base/tasks/tls.yml
index 39952267..5603f8ec 100644
--- a/roles/kubernetes/standalone/base/tasks/tls.yml
+++ b/roles/kubernetes/standalone/base/tasks/tls.yml
@@ -68,7 +68,9 @@
openssl_csr:
path: /etc/ssl/standalone-kubelet/server/csr.pem
privatekey_path: /etc/ssl/standalone-kubelet/server/key.pem
- CN: "{{ inventory_hostname }}"
+ CN: "{{ kubernetes_standalone_address | default('127.0.0.1') }}"
+ subject_alt_name:
+ - "IP:{{ kubernetes_standalone_address | default('127.0.0.1') }}"
key_usage:
- digitalSignature
key_usage_critical: yes
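Review bot: The new `subject_alt_name` entry hard-codes the `IP:` prefix, so the CSR is only well-formed while `kubernetes_standalone_address` is an IP literal. An inventory that sets it to a hostname would produce an invalid or non-matching SAN, and the peer verification this commit enables in the exporter role would then fail. The certificate identity is now tied to the same variable and default that the exporter's `proxy_pass` uses, which deserves a comment above `CN:` such as `# must equal the host in the standalone-kubelet exporter's proxy_pass; IP literal only`. The task begins above the hunk, so whether an already-issued certificate gets re-signed from the changed CSR cannot be confirmed from here.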
diff --git a/roles/monitoring/prometheus/exporter/standalone-kubelet/tasks/main.yml b/roles/monitoring/prometheus/exporter/standalone-kubelet/tasks/main.yml
index ffeb974f..3335769a 100644
--- a/roles/monitoring/prometheus/exporter/standalone-kubelet/tasks/main.yml
+++ b/roles/monitoring/prometheus/exporter/standalone-kubelet/tasks/main.yml
@@ -4,16 +4,22 @@
content: |
location = /standalone-kubelet {
proxy_pass https://{{ kubernetes_standalone_address | default('127.0.0.1') }}:{{ kubernetes_standalone_port | default(10250) }}/metrics;
+ proxy_ssl_verify on;
+ proxy_ssl_trusted_certificate /etc/ssl/standalone-kubelet/ca-crt.pem;
proxy_ssl_certificate /etc/ssl/standalone-kubelet/client/crt.pem;
proxy_ssl_certificate_key /etc/ssl/standalone-kubelet/client/key.pem;
}
location = /standalone-kubelet/resource {
proxy_pass https://{{ kubernetes_standalone_address | default('127.0.0.1') }}:{{ kubernetes_standalone_port | default(10250) }}/metrics/resource;
+ proxy_ssl_verify on;
+ proxy_ssl_trusted_certificate /etc/ssl/standalone-kubelet/ca-crt.pem;
proxy_ssl_certificate /etc/ssl/standalone-kubelet/client/crt.pem;
proxy_ssl_certificate_key /etc/ssl/standalone-kubelet/client/key.pem;
}
location = /standalone-kubelet/probes {
proxy_pass https://{{ kubernetes_standalone_address | default('127.0.0.1') }}:{{ kubernetes_standalone_port | default(10250) }}/metrics/probes;
+ proxy_ssl_verify on;
+ proxy_ssl_trusted_certificate /etc/ssl/standalone-kubelet/ca-crt.pem;
proxy_ssl_certificate /etc/ssl/standalone-kubelet/client/crt.pem;
proxy_ssl_certificate_key /etc/ssl/standalone-kubelet/client/key.pem;
}
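Review bot: With `proxy_ssl_verify on`, nginx checks the upstream certificate against `proxy_ssl_name`, which defaults to the host part of `proxy_pass`, so all three locations now depend on the kubelet certificate being issued for exactly `kubernetes_standalone_address | default('127.0.0.1')` as rendered in this role. That default is repeated in the TLS role rather than shared, and a mismatch would likely surface only as 502 responses on the metrics endpoints. A comment at the top of the snippet such as `# upstream cert must be issued for this address (see kubernetes/standalone/base tasks/tls.yml)` would make the coupling explicit. The same two directives are added three times; if the snippet sits inside a single `server` block they could be set once at that level, but the `content: |` block starts before the hunk and its surroundings are not visible here.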