You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---
- import_tasks: check-certs.yml
tags:
- k8s-secrets
- k8s-gen-certs
- facts
- import_tasks: check-tokens.yml
tags:
- k8s-secrets
- k8s-gen-tokens
- facts
- name: Make sure the certificate directory exits
file:
path: "{{ kube_cert_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
- name: Make sure the tokens directory exits
file:
path: "{{ kube_token_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
#
# The following directory creates make sure that the directories
# exist on the first master for cases where the first master isn't
# being run.
#
- name: "Gen_certs | Create kubernetes config directory (on {{groups['kube-master'][0]}})"
file:
path: "{{ kube_config_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_certs|default(false) or gen_tokens|default(false)
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- apps
- network
- master
- node
- name: "Gen_certs | Create kubernetes script directory (on {{groups['kube-master'][0]}})"
file:
path: "{{ kube_script_dir }}"
state: directory
owner: kube
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_certs|default(false) or gen_tokens|default(false)
tags:
- k8s-secrets
- name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
file:
path: "{{ kube_token_dir }}"
state: directory
mode: o-rwx
group: "{{ kube_cert_group }}"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_tokens|default(false)
- include_tasks: "gen_certs_{{ cert_management }}.yml"
tags:
- k8s-secrets
- k8s-gen-certs
- import_tasks: upd_ca_trust.yml
tags:
- k8s-secrets
- k8s-gen-certs
- name: "Gen_certs | Get certificate serials on kube masters"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
register: "master_certificate_serials"
changed_when: false
with_items:
- "admin-{{ inventory_hostname }}.pem"
- "apiserver.pem"
- "kube-controller-manager.pem"
- "kube-scheduler.pem"
when: inventory_hostname in groups['kube-master']
tags:
- master
- kubelet
- node
- name: "Gen_certs | set kube master certificate serial facts"
set_fact:
etcd_admin_cert_serial: "{{ master_certificate_serials.results[0].stdout|default() }}"
apiserver_cert_serial: "{{ master_certificate_serials.results[1].stdout|default() }}"
controller_manager_cert_serial: "{{ master_certificate_serials.results[2].stdout|default() }}"
scheduler_cert_serial: "{{ master_certificate_serials.results[3].stdout|default() }}"
when: inventory_hostname in groups['kube-master']
tags:
- master
- kubelet
- node
- name: "Gen_certs | Get certificate serials on kube nodes"
shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
register: "node_certificate_serials"
changed_when: false
with_items:
- "node-{{ inventory_hostname }}.pem"
- "kube-proxy-{{ inventory_hostname }}.pem"
when: inventory_hostname in groups['k8s-cluster']
- name: "Gen_certs | set kube node certificate serial facts"
set_fact:
kubelet_cert_serial: "{{ node_certificate_serials.results[0].stdout|default() }}"
kube_proxy_cert_serial: "{{ node_certificate_serials.results[1].stdout|default() }}"
when: inventory_hostname in groups['k8s-cluster']
tags:
- kubelet
- node
- import_tasks: gen_tokens.yml
tags:
- k8s-secrets
- k8s-gen-tokens
|
