External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-26 15:36:11 -03:30
Code Issues Packages Projects Releases Wiki Activity

Move 'pretend certificates' **after** cert distribution

Browse Source 
The link target will only exist after we distribute the certs on each node.
This commit is contained in:
Max Gautier
2025-05-15 18:35:34 +02:00
parent 2d3bd8686f
commit 22d3cf9c2b
1 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
roles/etcd/tasks/gen_certs_script.yml
View File

@@ -98,28 +98,6 @@
loop_control: loop_control:
label: "{{ item.item }}" label: "{{ item.item }}"
# This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane
# TODO: fix certs generation to have the same file everywhere
# OR work with kubeadm on node-specific config
- name: Gen_certs | Pretend all control plane have all certs (with symlinks)
file:
state: link
src: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}{{ item[0] }}.pem"
dest: "{{ etcd_cert_dir }}/node-{{ item[1] }}{{ item[0] }}.pem"
mode: "0640"
loop: "{{ suffixes | product(groups['kube_control_plane']) }}"
vars:
suffixes:
- ''
- '-key'
when:
- ('kube_control_plane' in group_names)
- item[1] != inventory_hostname
register: symlink_created
failed_when:
- symlink_created is failed
- ('refusing to convert from file to symlink' not in symlink_created.msg)
- name: Gen_certs | Gather node certs from first etcd node - name: Gen_certs | Gather node certs from first etcd node
slurp: slurp:
src: "{{ item }}" src: "{{ item }}"
@@ -175,3 +153,25 @@
owner: "{{ etcd_owner }}" owner: "{{ etcd_owner }}"
mode: "{{ etcd_cert_dir_mode }}" mode: "{{ etcd_cert_dir_mode }}"
recurse: true recurse: true
# This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane
# TODO: fix certs generation to have the same file everywhere
# OR work with kubeadm on node-specific config
- name: Gen_certs | Pretend all control plane have all certs (with symlinks)
file:
state: link
src: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}{{ item[0] }}.pem"
dest: "{{ etcd_cert_dir }}/node-{{ item[1] }}{{ item[0] }}.pem"
mode: "0640"
loop: "{{ suffixes | product(groups['kube_control_plane']) }}"
vars:
suffixes:
- ''
- '-key'
when:
- ('kube_control_plane' in group_names)
- item[1] != inventory_hostname
register: symlink_created
failed_when:
- symlink_created is failed
- ('refusing to convert from file to symlink' not in symlink_created.msg)