Etcd certs: use symlink in kubeadm config

2026-05-14 12:57:45 -02:30 · 2025-03-17 11:17:20 +01:00
parent 0f9f9fb569
commit 32520037b5
5 changed files with 42 additions and 4 deletions
--- a/roles/kubernetes/control-plane/defaults/main/etcd.yml
+++ b/roles/kubernetes/control-plane/defaults/main/etcd.yml
@@ -27,3 +27,11 @@ etcd_extra_vars: {}
 # etcd_max_request_bytes: "1572864"

 etcd_compaction_retention: "8"
+
+
+# softlink to etcd certs
+etcd_cert_paths:
+  client:
+    ca: "{{ etcd_cert_dir }}/ca.pem"
+    cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+    key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
--- a/roles/kubernetes/control-plane/defaults/main/main.yml
+++ b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -23,10 +23,6 @@ kube_apiserver_etcd_compaction_interval: "5m0s"
 # in the request is actually present in etcd.
 kube_apiserver_service_account_lookup: true

-kube_etcd_cacert_file: ca.pem
-kube_etcd_cert_file: node-{{ inventory_hostname }}.pem
-kube_etcd_key_file: node-{{ inventory_hostname }}-key.pem
-
 # Associated interfaces must be reachable by the rest of the cluster, and by
 # CLI/web clients.
 kube_controller_manager_bind_address: "::"