Etcd certs: use symlink in kubeadm config

2026-05-17 14:27:47 -02:30 · 2025-03-17 11:17:20 +01:00
parent 0f9f9fb569
commit 32520037b5
5 changed files with 42 additions and 4 deletions
--- a/roles/kubernetes/control-plane/tasks/0010-etcd-link.yml
+++ b/roles/kubernetes/control-plane/tasks/0010-etcd-link.yml
@@ -0,0 +1,24 @@
+---
+- name: Create etcd cert directory
+  ansible.builtin.file:
+    path: "{{ etcd_cert_dir }}"
+    state: directory
+    mode: '0750'
+  when:
+    - inventory_hostname  in groups['kube_control_plane']
+
+- name: Generate symlink to etcd certs
+  ansible.builtin.file:
+    src: "{{ etcd_cert_paths.client[item.src] }}"
+    dest: "{{ etcd_cert_dir }}/{{ item.dest }}"
+    state: link
+    force: true
+  loop:
+    - src: ca
+      dest: "{{ kube_etcd_cacert_file }}"
+    - src: cert
+      dest: "{{ kube_etcd_cert_file }}"
+    - src: key
+      dest: "{{ kube_etcd_key_file }}"
+  when:
+    - inventory_hostname  in groups['kube_control_plane']
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -4,6 +4,11 @@
  tags:
    - k8s-pre-upgrade

+- name: Create etcd cert symbolic links
+  import_tasks: 0010-etcd-link.yml
+  when:
+    - etcd_deployment_type != "kubeadm"
+
 - name: Create webhook token auth config
  template:
    src: webhook-token-auth-config.yaml.j2