etcd: use dynamic group for certs generation check (#10610)

We take advantage of group_by to create the list of nodes needing new
certs, instead of manually looping inside a Jinja template.

This should make the role more readable and less susceptible to
white space problems.
Max Gautier
2023-12-12 11:22:29 +01:00
committed by GitHub
parent 51069223f5
commit 0fb404c775
3 changed files with 21 additions and 63 deletions


@@ -41,18 +41,8 @@
- name: Gen_certs | run cert generation script for etcd and kube control plane nodes
command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}"
environment:
MASTERS: |-
{% for m in groups['etcd'] %}
{% if gen_master_certs[m] %}
{{ m }}
{% endif %}
{% endfor %}
HOSTS: |-
{% for h in groups['kube_control_plane'] %}
{% if gen_node_certs[h] %}
{{ h }}
{% endif %}
{% endfor %}
MASTERS: "{{ groups['gen_master_certs_True'] | ansible.builtin.intersect(groups['etcd']) | join(' ') }}"
HOSTS: "{{ groups['gen_node_certs_True'] | ansible.builtin.intersect(groups['kube_control_plane']) | join(' ') }}"
run_once: yes
delegate_to: "{{ groups['etcd'][0] }}"
when: gen_certs | default(false)
@@ -61,12 +51,7 @@
- name: Gen_certs | run cert generation script for all clients
command: "bash -x {{ etcd_script_dir }}/make-ssl-etcd.sh -f {{ etcd_config_dir }}/openssl.conf -d {{ etcd_cert_dir }}"
environment:
HOSTS: |-
{% for h in groups['k8s_cluster'] %}
{% if gen_node_certs[h] %}
{{ h }}
{% endif %}
{% endfor %}
HOSTS: "{{ groups['gen_node_certs_True'] | ansible.builtin.intersect(groups['k8s_cluster']) | join(' ') }}"
run_once: yes
delegate_to: "{{ groups['etcd'][0] }}"
when:
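Review bot: The new `MASTERS` and `HOSTS` expressions index `groups['gen_master_certs_True']` and `groups['gen_node_certs_True']` directly, and a dynamic group normally exists only when at least one host was placed in it. The `group_by` task is not shown on this page, but if it keys on the boolean value, a run where only node certificates are needed (`gen_certs` true, no etcd member needing a new cert) would likely fail while templating the first task's environment with an undefined-key error, whereas the removed loops simply produced an empty string. Defaulting each lookup keeps the old behaviour, e.g. `MASTERS: "{{ groups['gen_master_certs_True'] | default([]) | ansible.builtin.intersect(groups['etcd']) | join(' ') }}"`, and the same applies to both `HOSTS` lines, including the one in the all-clients task. The group name also depends on the fact rendering exactly as `True`, so a short comment beside these lines naming the `group_by` key would help prevent certificate generation from silently skipping hosts if that fact's type ever changes.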