richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1459 Commits
29 Branches
81 Tags
150 MiB
Tree: 2ba66f0b26
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2ba66f0b26'
${ noResults }
kubespray/roles/kubernetes/secrets/tasks/sync_kube_node_certs.yml

38 lines
1.2 KiB
Raw Normal View History

Vault security hardening and role isolation
7 years ago
  1. ---
  3. - name: sync_kube_node_certs | Create list of needed certs
  4. set_fact:
  5. kube_node_cert_list: "{{ kube_node_cert_list|default([]) + ['node-' + item + '.pem'] }}"
  6. with_items: "{{ groups['k8s-cluster'] }}"
  8. - include: ../../../vault/tasks/shared/sync_file.yml
  9. vars:
  10. sync_file: "{{ item }}"
  11. sync_file_dir: "{{ kube_cert_dir }}"
  12. sync_file_group: "{{ kuber_cert_group }}"
  13. sync_file_hosts: "{{ groups['k8s-cluster'] }}"
  14. sync_file_is_cert: true
  15. sync_file_owner: kube
  16. with_items: "{{ kube_node_cert_list|default([]) }}"
  18. - name: sync_kube_node_certs | Set facts for kube-master sync_file results
  19. set_fact:
  20. kube_node_certs_needed: "{{ kube_node_certs_needed|default([]) + [item.path] }}"
  21. with_items: "{{ sync_file_results|d([]) }}"
  22. when: item.no_srcs|bool
  24. - name: sync_kube_node_certs | Unset sync_file_results after kube node certs
  25. set_fact:
  26. sync_file_results: []
  28. - include: ../../../vault/tasks/shared/sync_file.yml
  29. vars:
  30. sync_file: ca.pem
  31. sync_file_dir: "{{ kube_cert_dir }}"
  32. sync_file_group: "{{ kuber_cert_group }}"
  33. sync_file_hosts: "{{ groups['k8s-cluster'] }}"
  34. sync_file_owner: kube
  36. - name: sync_kube_node_certs | Unset sync_file_results after ca.pem
  37. set_fact:
  38. sync_file_results: []