richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
198 Commits
29 Branches
81 Tags
150 MiB
Tree: 2bd6b83656
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2bd6b83656'
${ noResults }
kubespray/roles/kubernetes/node/tasks/gen_certs.yml

28 lines
667 B
Raw Normal View History

Master and nodes will run the 'node' role, kube-proxy is run under a container, new script for ssl certs
9 years ago
  1. ---
  2. - name: certs | install cert generation script
  3. copy:
  4. src=make-ssl.sh
  5. dest={{ kube_script_dir }}
  6. mode=0500
  7. changed_when: false
  9. - name: certs | write openssl config
  10. template:
  11. src: "openssl.conf.j2"
  12. dest: "{{ kube_config_dir }}/.openssl.conf"
  14. - name: certs | run cert generation script
  15. shell: >
  16. {{ kube_script_dir }}/make-ssl.sh
  17. -f {{ kube_config_dir }}/.openssl.conf
  18. -g {{ kube_cert_group }}
  19. -d {{ kube_cert_dir }}
  20. args:
  21. creates: "{{ kube_cert_dir }}/apiserver.pem"
  23. - name: certs | check certificate permissions
  24. file:
  25. path={{ kube_cert_dir }}
  26. group={{ kube_cert_group }}
  27. owner=kube
  28. recurse=yes