Add auto_renew_certificates_systemd_calendar (#7490)

This allow to configure when K8S certificates renewal runs Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit bf6a39eb84) Conflicts: inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml roles/kubernetes/master/defaults/main/main.yml roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
3 years ago · e7fad8224d
3 changed files with 5 additions and 2 deletions
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@ -313,3 +313,5 @@ event_ttl_duration: "1h0m0s"

 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00"
--- a/roles/kubernetes/master/defaults/main/main.yml
+++ b/roles/kubernetes/master/defaults/main/main.yml
@ -197,3 +197,5 @@ event_ttl_duration: "1h0m0s"

 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00"
--- a/roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
+++ b/roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
@ -2,8 +2,7 @@
 Description=Timer to renew K8S control plane certificates

 [Timer]
-# First Monday of each month
-OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00
+OnCalendar={{ auto_renew_certificates_systemd_calendar }}

 [Install]
 WantedBy=multi-user.target