Skip to content

Commit

Permalink
add encryptionAlgorithm for ClusterConfigration (#11751)
Browse files Browse the repository at this point in the history 
Signed-off-by: bo.jiang <[email protected]>
  • Loading branch information
@ErikJiang
ErikJiang authored Nov 28, 2024
1 parent e1ab312 commit 9f01eff
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
5 changes: 5 additions & 0 deletions roles/kubernetes/control-plane/defaults/main/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,3 +236,8 @@ kube_apiserver_tracing_sampling_rate_per_million: 100

# Enable kubeadm file discovery if anonymous access has been removed
kubeadm_use_file_discovery: "{{ remove_anonymous_access }}"

# Supported asymmetric encryption algorithm types for the cluster's keys and certificates.
# can be one of RSA-2048(default), RSA-3072, RSA-4096, ECDSA-P256
# ref: https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta4/#kubeadm-k8s-io-v1beta4-ClusterConfiguration
kube_asymmetric_encryption_algorithm: "RSA-2048"
1 change: 1 addition & 0 deletions roles/kubernetes/control-plane/templates/kubeadm-config.v1beta4.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ patches:
apiVersion: kubeadm.k8s.io/v1beta4
kind: ClusterConfiguration
clusterName: {{ cluster_name }}
encryptionAlgorithm: {{ kube_asymmetric_encryption_algorithm }}
etcd:
{% if etcd_deployment_type != "kubeadm" %}
external:
Expand Down

0 comments on commit 9f01eff

Please sign in to comment.