jhunt
commented
4 years ago In Ubuntu, this is handled by:
cp /var/vcap/jobs/kubelet/tls/ca/cert.pem \
/usr/local/share/ca-certificates/k8s-boshrelease.crt \
&& update-ca-certificatesClosed jhunt closed 4 years ago
jhunt
commented
4 years ago In Ubuntu, this is handled by:
cp /var/vcap/jobs/kubelet/tls/ca/cert.pem \
/usr/local/share/ca-certificates/k8s-boshrelease.crt \
&& update-ca-certificatesIn CentOS, this is handled by:
cp /var/vcap/jobs/kubelet/tls/ca/cert.pem \
/etc/pki/ca-trust/source/anchors/k8s-boshrelease.crt \
&& update-ca-trust
Some things need the Kubernetes CA to be trusted to function properly (i.e. KubeCF) - add it to the system-wide bundle in a pre-deploy script.
This really ought to be able to handle both ubuntu and centos stemcells, equally.