|
|
@ -1,12 +1,12 @@ |
|
|
|
--- |
|
|
|
- name: certs | make sure the certificate directory exits |
|
|
|
- name: Secrets | certs | make sure the certificate directory exits |
|
|
|
file: |
|
|
|
path={{ kube_cert_dir }} |
|
|
|
state=directory |
|
|
|
mode=o-rwx |
|
|
|
group={{ kube_cert_group }} |
|
|
|
|
|
|
|
- name: tokens | make sure the tokens directory exits |
|
|
|
- name: Secrets | tokens | make sure the tokens directory exits |
|
|
|
file: |
|
|
|
path={{ kube_token_dir }} |
|
|
|
state=directory |
|
|
@ -19,23 +19,24 @@ |
|
|
|
- include: gen_tokens.yml |
|
|
|
|
|
|
|
# Sync certs between nodes |
|
|
|
- user: |
|
|
|
- name: Secrets | create user |
|
|
|
user: |
|
|
|
name: '{{ansible_user_id}}' |
|
|
|
generate_ssh_key: yes |
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}" |
|
|
|
run_once: yes |
|
|
|
|
|
|
|
- name: 'get ssh keypair' |
|
|
|
- name: Secrets | 'get ssh keypair' |
|
|
|
slurp: path=~/.ssh/id_rsa.pub |
|
|
|
register: public_key |
|
|
|
delegate_to: "{{ groups['kube-master'][0] }}" |
|
|
|
|
|
|
|
- name: 'setup keypair on nodes' |
|
|
|
- name: Secrets | 'setup keypair on nodes' |
|
|
|
authorized_key: |
|
|
|
user: '{{ansible_user_id}}' |
|
|
|
key: "{{public_key.content|b64decode }}" |
|
|
|
|
|
|
|
- name: synchronize certificates for nodes |
|
|
|
- name: Secrets | synchronize certificates for nodes |
|
|
|
synchronize: |
|
|
|
src: "{{ item }}" |
|
|
|
dest: "{{ kube_cert_dir }}" |
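Review bot: In the renamed tasks `Secrets | 'get ssh keypair'` and `Secrets | 'setup keypair on nodes'` the single quotes are no longer YAML quoting but part of the plain scalar, so they will appear literally in the play output; drop them, and since the first task only slurps `id_rsa.pub`, a name such as `- name: Secrets | get ssh public key` would be more accurate. These tasks authorise the first kube-master's key for `{{ansible_user_id}}` on each host the role runs on, presumably so the synchronize task can copy certificates, and that trust relationship deserves a comment above the block, e.g. `# Grants the first master SSH login as the Ansible user on all nodes; used by synchronize below`. The slurp task is delegated to the master but, unlike the user task, carries no `run_once: yes`, so it appears to repeat the same read once per host; adding `run_once: yes` there would match the task above. The synchronize task continues outside the hunk, so its item list and any file-mode handling are not visible here.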
|
|
|