Setting kube-apiserver.yaml values on deployment
I'm working through implementing IAM Roles for Service Accounts on an RKE2 deployment which requires updates to some of the arguments in the kube-apiserver.yaml file. An issue is that the file is not persistent, such that if the main node goes down and is replaced, it reverts back to the old configuration.
Is there a simple way to update arguments on deployment or is the kube-apiserver.yaml file configured somewhere in the repo that could be updated prior to deployment?
Essentially what needs to be configured is:
spec:
  containers:
  - command:
    - kube-apiserver
    - --service-account-issuer=<OIDC provider URL>
    - --service-account-key-file=/var/lib/rancher/rke2/server/irsa/sa-signer-pkcs8.pub
    - --service-account-key-file=/var/lib/rancher/rke2/server/tls/service.key
    - --service-account-signing-key-file=/var/lib/rancher/rke2/server/irsa/sa-signer.key
    volumeMounts:
    - mountPath: /var/lib/rancher/rke2/server/irsa
      name: dir3
  volumes:
  - hostPath:
      path: /var/lib/rancher/rke2/server/irsa
      type: DirectoryOrCreate
    name: dir3
The only real solution I've found that might work is updating the rke2-init.sh and having it manually modify the file on the instance, or calling the RKE2 server CLI to possibly inject those values in.
Is there a better/supported way to do this that I'm not seeing?
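Whichever way the arguments end up being applied, a replaced node that has silently reverted is worth detecting. The check below is an added example, not part of the original post and not RKE2 code: it reports which of the settings listed in the question are missing from a kube-apiserver manifest. The function names, the issuer placeholder and the sample manifest are constructed for illustration.

```python
import re

IRSA_DIR = "/var/lib/rancher/rke2/server/irsa"
TLS_KEY = "/var/lib/rancher/rke2/server/tls/service.key"

def parse_flags(manifest):
    """Collect '- --flag=value' items; a repeated flag keeps every value."""
    flags = {}
    for m in re.finditer(r"^\s*-\s+(--[\w-]+)=(.*\S)\s*$", manifest, re.M):
        flags.setdefault(m.group(1), set()).add(m.group(2))
    return flags

def irsa_drift(manifest, issuer):
    """Return the list of IRSA settings missing from a kube-apiserver manifest."""
    required = {
        "--service-account-issuer": {issuer},
        "--service-account-key-file": {IRSA_DIR + "/sa-signer-pkcs8.pub", TLS_KEY},
        "--service-account-signing-key-file": {IRSA_DIR + "/sa-signer.key"},
    }
    have = parse_flags(manifest)
    problems = [f"{flag} lacks {value}"
                for flag, wanted in required.items()
                for value in sorted(wanted - have.get(flag, set()))]
    # The key directory must be both a hostPath volume and mounted in the container.
    for label, key in (("volumeMount", "mountPath"), ("hostPath volume", "path")):
        pattern = r"^\s*(-\s+)?" + key + r":\s*" + re.escape(IRSA_DIR) + r"\s*$"
        if not re.search(pattern, manifest, re.M):
            problems.append(f"no {label} for {IRSA_DIR}")
    return problems

# Constructed sample: ISSUER is a placeholder, REVERTED stands in for a replaced node.
ISSUER = "https://oidc.example.invalid"
REVERTED = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --service-account-issuer=https://kubernetes.default.svc
    - --service-account-key-file=/var/lib/rancher/rke2/server/tls/service.key
    - --service-account-signing-key-file=/var/lib/rancher/rke2/server/tls/service.key
"""

if __name__ == "__main__":
    for problem in irsa_drift(REVERTED, ISSUER):
        print("DRIFT:", problem)
```

An empty list means every listed flag value, the volume and the mount are present; any other result names exactly what reverted.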