
Merge pull request #2358 from abutcher/service-serving-certs

enable service-serving-cert-signer by default
Andrew Butcher 8 роки тому
батько
коміт
b8e72ea214

+ 3 - 0
filter_plugins/openshift_master.py

@@ -550,6 +550,9 @@ class FilterModule(object):
             certs += ['openshift-master.crt',
                       'openshift-master.key',
                       'openshift-master.kubeconfig']
+        if bool(hostvars['openshift']['common']['version_gte_3_3_or_1_3']):
+            certs += ['service-signer.crt',
+                      'service-signer.key']
         return certs
 
     @staticmethod
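Review bot: The added condition tests the fact with Python's `bool()`, while the template change in this same commit tests it with the Jinja `| bool` filter, and the two disagree if the value ever reaches this filter as a string, because `bool('False')` is true in Python. In that case the signer files would be added to the list while master.yaml omits `controllerConfig`. An explicit comparison such as `if str(hostvars['openshift']['common']['version_gte_3_3_or_1_3']).lower() in ('true', 'yes', '1'):` keeps both places consistent. Since `service-signer.key` is a signing key, a comment like `# service-signer.key is the serving-cert signer's private key; keep it owner-readable wherever this list is copied` would help the next reader. The method starts outside the hunk, so how the returned list is consumed is not visible here.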

+ 7 - 0
roles/openshift_master/templates/master.yaml.v1.j2

@@ -44,6 +44,13 @@ auditConfig:{{ openshift.master.audit_config | to_padded_yaml(level=1) }}
 {% endif %}
 controllerLeaseTTL: {{ openshift.master.controller_lease_ttl | default('30') }}
 {% endif %}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+controllerConfig:
+  serviceServingCert:
+    signer:
+      certFile: service-signer.crt
+      keyFile: service-signer.key
+{% endif %}
 controllers: '*'
 corsAllowedOrigins:
 {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %}
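Review bot: The new `controllerConfig` block is gated only on the version fact, so it points the master at `service-signer.crt` and `service-signer.key` whether or not those files exist on the host. Nothing in the two files of this commit creates them, so a cluster upgraded from an older release may have a config that references missing files. Please confirm the upgrade path generates the signer pair before this template is rendered, or gate the block on a fact that records the files are present. A template comment such as `{# service-signer.* are resolved relative to the master config dir; the key signs service serving certs and must stay master-only #}` would document the relative paths and the sensitivity of the key.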