From 22d3cf9c2b31ac1203d3ab3b74ffcaba9beb0467 Mon Sep 17 00:00:00 2001 From: Max Gautier Date: Thu, 15 May 2025 18:35:34 +0200 Subject: [PATCH] Move 'pretend certificates' **after** cert distribution The link target will only exist after we distribute the certs on each node. --- roles/etcd/tasks/gen_certs_script.yml | 44 +++++++++++++-------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/roles/etcd/tasks/gen_certs_script.yml b/roles/etcd/tasks/gen_certs_script.yml index c2c4ef3bf..71d12eece 100644 --- a/roles/etcd/tasks/gen_certs_script.yml +++ b/roles/etcd/tasks/gen_certs_script.yml @@ -98,28 +98,6 @@ loop_control: label: "{{ item.item }}" -# This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane -# TODO: fix certs generation to have the same file everywhere -# OR work with kubeadm on node-specific config -- name: Gen_certs | Pretend all control plane have all certs (with symlinks) - file: - state: link - src: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}{{ item[0] }}.pem" - dest: "{{ etcd_cert_dir }}/node-{{ item[1] }}{{ item[0] }}.pem" - mode: "0640" - loop: "{{ suffixes | product(groups['kube_control_plane']) }}" - vars: - suffixes: - - '' - - '-key' - when: - - ('kube_control_plane' in group_names) - - item[1] != inventory_hostname - register: symlink_created - failed_when: - - symlink_created is failed - - ('refusing to convert from file to symlink' not in symlink_created.msg) - - name: Gen_certs | Gather node certs from first etcd node slurp: src: "{{ item }}" 
@@ -175,3 +153,25 @@
 owner: "{{ etcd_owner }}"
 mode: "{{ etcd_cert_dir_mode }}"
 recurse: true
+
+# This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane
+# TODO: fix certs generation to have the same file everywhere
+# OR work with kubeadm on node-specific config
+- name: Gen_certs | Pretend all control plane have all certs (with symlinks)
+ file:
+ state: link
+ src: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}{{ item[0] }}.pem"
+ dest: "{{ etcd_cert_dir }}/node-{{ item[1] }}{{ item[0] }}.pem"
+ mode: "0640"
+ loop: "{{ suffixes | product(groups['kube_control_plane']) }}"
+ vars:
+ suffixes:
+ - ''
+ - '-key'
+ when:
+ - ('kube_control_plane' in group_names)
+ - item[1] != inventory_hostname
+ register: symlink_created
+ failed_when:
+ - symlink_created is failed
+ - ('refusing to convert from file to symlink' not in symlink_created.msg)
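Review bot: The `mode: "0640"` on this `state: link` task does not govern the symlink; per the file module's documentation, with the default `follow: true` a mode given together with `state: link` is applied to `src`, i.e. this node's own `node-<inventory_hostname>.pem` and `node-<inventory_hostname>-key.pem`, silently overriding whatever the recursive `mode: "{{ etcd_cert_dir_mode }}"` task immediately above just set on the private key. If the task only needs to create the aliases, drop `mode` or add `follow: false` so the key's permissions stay under one task's control, e.g. `state: link`, `src: ...`, `dest: ...`, `follow: false`. The `failed_when` that tolerates 'refusing to convert from file to symlink' also ties the "never replace a real cert with a link" rule to an error-string match; a preceding `stat` on `dest` guarded by `when: not dest_stat.stat.exists or dest_stat.stat.islnk` would state that rule explicitly and survive a wording change in the module. A comment on the task noting that each alias resolves to this node's own key under another node's name would help the next reader, since the file names no longer identify whose key is inside.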