Hi Sergey, In magnum queens we can set the private ca as a service account key. Here [1] we can set the ca.key file. When the label cert_manager_api is set to true. Cheers, Spyros [1] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh#L32 On 20 April 2018 at 19:57, Sergey Filatov <s.s.filatov94 at gmail.com> wrote: > Hello, > > I looked into k8s drivers for magnum I see that each api-server on master > node generates it’s own service-account-key-file. This causes issues with > service-accounts authenticating on api-server. (In case api-server endpoint > moves). > As far as I understand we should have either all api-server keys synced on > api-servesr or pre-generate single api-server key. > > What is the way for magnum to get over this issue? > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20180423/87b31819/attachment.html>