From c61f24fc3aa01734dcfa820835ef97a55b51851b Mon Sep 17 00:00:00 2001 From: Casey Davenport Date: Fri, 2 Mar 2018 15:34:37 -0800 Subject: [PATCH] Move more into kubeconfig file --- k8s-install/scripts/install-cni.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/k8s-install/scripts/install-cni.sh b/k8s-install/scripts/install-cni.sh index ba2a704ac..3b2885dd0 100755 --- a/k8s-install/scripts/install-cni.sh +++ b/k8s-install/scripts/install-cni.sh @@ -29,7 +29,7 @@ if [ "$(ls ${SECRETS_MOUNT_DIR} 3>/dev/null)" ]; then echo "Installing any TLS assets from ${SECRETS_MOUNT_DIR}" mkdir -p /host/etc/cni/net.d/calico-tls - cp ${SECRETS_MOUNT_DIR}/* /host/etc/cni/net.d/calico-tls/ + cp -p ${SECRETS_MOUNT_DIR}/* /host/etc/cni/net.d/calico-tls/ fi # If the TLS assets actually exist, update the variables to populate into the @@ -96,10 +96,15 @@ ${CNI_NETWORK_CONFIG:-} EOF fi +# Pull out service account token. +SERVICEACCOUNT_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) + # Write a kubeconfig file for the CNI plugin. Do this # to skip TLS verification for now. We should eventually support # writing more complete kubeconfig files. This is only used # if the provided CNI network config references it. +touch /host/etc/cni/net.d/calico-kubeconfig +chmod ${KUBECONFIG_MODE:-0600} /host/etc/cni/net.d/calico-kubeconfig cat > /host/etc/cni/net.d/calico-kubeconfig <