k8s-sig-cluster-lifecycleawskubesprayhigh-availabilityansiblekubernetes-clustergcekubernetesbare-metal
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 lines
1.5 KiB
42 lines
1.5 KiB
---
|
|
- name: Backup old certs and keys
|
|
copy:
|
|
src: "{{ kube_cert_dir }}/{{ item.src }}"
|
|
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
|
|
remote_src: yes
|
|
with_items:
|
|
- {src: apiserver.crt, dest: apiserver.crt.old}
|
|
- {src: apiserver.key, dest: apiserver.key.old}
|
|
- {src: apiserver-kubelet-client.crt, dest: apiserver-kubelet-client.crt.old}
|
|
- {src: apiserver-kubelet-client.key, dest: apiserver-kubelet-client.key.old}
|
|
- {src: front-proxy-client.crt, dest: front-proxy-client.crt.old}
|
|
- {src: front-proxy-client.key, dest: front-proxy-client.key.old}
|
|
ignore_errors: yes
|
|
|
|
- name: Remove old certs and keys
|
|
file:
|
|
path: "{{ kube_cert_dir }}/{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- apiserver.crt
|
|
- apiserver.key
|
|
- apiserver-kubelet-client.crt
|
|
- apiserver-kubelet-client.key
|
|
- front-proxy-client.crt
|
|
- front-proxy-client.key
|
|
|
|
- name: Generate new certs and keys
|
|
command: "{{ bin_dir }}/kubeadm init phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
|
|
with_items:
|
|
- apiserver
|
|
- apiserver-kubelet-client
|
|
- front-proxy-client
|
|
when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '>=')
|
|
|
|
- name: Generate new certs and keys
|
|
command: "{{ bin_dir }}/kubeadm alpha phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
|
|
with_items:
|
|
- apiserver
|
|
- apiserver-kubelet-client
|
|
- front-proxy-client
|
|
when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '<')
|