You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
---
- name: Parse certificate key if not set
set_fact:
kubeadm_certificate_key: "{{ hostvars[groups['kube_control_plane'][0]]['kubeadm_certificate_key'] }}"
when: kubeadm_certificate_key is undefined
- name: Create kubeadm cert controlplane config
template:
src: "kubeadm-client.conf.{{ kubeadmConfig_api_version }}.j2"
dest: "{{ kube_config_dir }}/kubeadm-cert-controlplane.conf"
mode: "0640"
vars:
kubeadm_cert_controlplane: true
- name: Pull control plane certs down
shell: >-
{{ bin_dir }}/kubeadm join phase
control-plane-prepare download-certs
--config {{ kube_config_dir }}/kubeadm-cert-controlplane.conf
&&
{{ bin_dir }}/kubeadm join phase
control-plane-prepare certs
--config {{ kube_config_dir }}/kubeadm-cert-controlplane.conf
args:
creates: "{{ kube_cert_dir }}/apiserver-etcd-client.key"
- name: Delete unneeded certificates
file:
path: "{{ item }}"
state: absent
with_items:
- "{{ kube_cert_dir }}/apiserver.crt"
- "{{ kube_cert_dir }}/apiserver.key"
- "{{ kube_cert_dir }}/ca.key"
- "{{ kube_cert_dir }}/etcd/ca.key"
- "{{ kube_cert_dir }}/etcd/healthcheck-client.crt"
- "{{ kube_cert_dir }}/etcd/healthcheck-client.key"
- "{{ kube_cert_dir }}/etcd/peer.crt"
- "{{ kube_cert_dir }}/etcd/peer.key"
- "{{ kube_cert_dir }}/etcd/server.crt"
- "{{ kube_cert_dir }}/etcd/server.key"
- "{{ kube_cert_dir }}/front-proxy-ca.crt"
- "{{ kube_cert_dir }}/front-proxy-ca.key"
- "{{ kube_cert_dir }}/front-proxy-client.crt"
- "{{ kube_cert_dir }}/front-proxy-client.key"
- "{{ kube_cert_dir }}/sa.key"
- "{{ kube_cert_dir }}/sa.pub"
- name: Calculate etcd cert serial
command: "openssl x509 -in {{ kube_cert_dir }}/apiserver-etcd-client.crt -noout -serial"
register: "etcd_client_cert_serial_result"
changed_when: false
when:
- inventory_hostname in groups['k8s_cluster'] | union(groups['calico_rr'] | default([])) | unique | sort
tags:
- network
- name: Set etcd_client_cert_serial
set_fact:
etcd_client_cert_serial: "{{ etcd_client_cert_serial_result.stdout.split('=')[1] }}"
tags:
- network
|
