From cdf9a9f4fc253f632b80a6cd45903f57caaf6bbf Mon Sep 17 00:00:00 2001
From: Matthew Mosesohn
Date: Thu, 11 Jul 2019 15:30:54 +0300
Subject: [PATCH] Generate certificate key before kubeadm control plane config (#4964)
---
 .../tasks/kubeadm-secondary-experimental.yml | 33 ++++++++++---------
 1 file changed, 17 insertions(+), 16 deletions(-)
diff --git a/roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml b/roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml
index 00df73cd3..073f8b6f5 100644
--- a/roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-secondary-experimental.yml
@@ -10,22 +10,6 @@
 tags:
 - facts
 
-- name: Create kubeadm ControlPlane config
- template:
- src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
- dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
- backup: yes
- when:
- - inventory_hostname != groups['kube-master']|first
- - not kubeadm_already_run.stat.exists
-
-- name: Wait for k8s apiserver
- wait_for:
- host: "{{ kubeadm_discovery_address.split(':')[0] }}"
- port: "{{ kubeadm_discovery_address.split(':')[1] }}"
- timeout: 180
-
-
 - name: Upload certificates so they are fresh and not expired
 command: >-
 {{ bin_dir }}/kubeadm init phase
@@ -48,6 +32,23 @@
 kubeadm_certificate_key: "{{ hostvars[groups['kube-master'][0]]['kubeadm_upload_cert'].stdout_lines[-1] | trim }}"
 when: kubeadm_certificate_key is undefined
 
+
+- name: Create kubeadm ControlPlane config
+ template:
+ src: "kubeadm-controlplane.{{ kubeadmConfig_api_version }}.yaml.j2"
+ dest: "{{ kube_config_dir }}/kubeadm-controlplane.yaml"
+ backup: yes
+ when:
+ - inventory_hostname != groups['kube-master']|first
+ - not kubeadm_already_run.stat.exists
+
+- name: Wait for k8s apiserver
+ wait_for:
+ host: "{{ kubeadm_discovery_address.split(':')[0] }}"
+ port: "{{ kubeadm_discovery_address.split(':')[1] }}"
+ timeout: 180
+
+
 - name: check already run
 debug:
 msg: "{{ kubeadm_already_run.stat.exists }}"
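Review bot: The `template` task under `Create kubeadm ControlPlane config` sets no `mode`, so `{{ kube_config_dir }}/kubeadm-controlplane.yaml` is created with whatever the remote umask allows, and `backup: yes` leaves older copies beside it under the same rule. The task now runs after `kubeadm_certificate_key` is set, and the commit title suggests the rendered config contains that key, though the template itself is not shown here. If it does, the file holds the secret that decrypts the uploaded control-plane certificates, and the task should pin its permissions, for example with `mode: "0640"`. Separately, `backup: yes` would read more predictably as `backup: true`.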