Max Gautier
5 months ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with
22 additions and
0 deletions
-
roles/etcd/tasks/gen_certs_script.yml
|
|
|
@ -98,6 +98,28 @@ |
|
|
|
loop_control: |
|
|
|
label: "{{ item.item }}" |
|
|
|
|
|
|
|
# This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane |
|
|
|
# TODO: fix certs generation to have the same file everywhere |
|
|
|
# OR work with kubeadm on node-specific config |
|
|
|
- name: Gen_certs | Pretend all control plane have all certs (with symlinks) |
|
|
|
file: |
|
|
|
state: link |
|
|
|
src: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}{{ item[0] }}.pem" |
|
|
|
dest: "{{ etcd_cert_dir }}/node-{{ item[1] }}{{ item[0] }}.pem" |
|
|
|
mode: "0640" |
|
|
|
loop: "{{ suffixes | product(groups['kube_control_plane']) }}" |
|
|
|
vars: |
|
|
|
suffixes: |
|
|
|
- '' |
|
|
|
- '-key' |
|
|
|
when: |
|
|
|
- ('kube_control_plane' in group_names) |
|
|
|
- item[1] != inventory_hostname |
|
|
|
register: symlink_created |
|
|
|
failed_when: |
|
|
|
- symlink_created is failed |
|
|
|
- ('refusing to convert from file to symlink' not in symlink_created.msg) |
|
|
|
|
|
|
|
- name: Gen_certs | Gather node certs from first etcd node |
|
|
|
slurp: |
|
|
|
src: "{{ item }}" |
|
|
|
|
