External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-04-07 11:09:24 -02:30
Code Issues Packages Projects Releases Wiki Activity

Always backup both certs and kubeconfig

Browse Source 
There are no reasons not to backup during upgrade

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
This commit is contained in:
Etienne Champetier
2021-03-03 18:08:22 -05:00
committed by Kubernetes Prow Robot
parent 8800b5c01d
commit 53e5ef6b4e
3 changed files with 33 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
View File

@@ -18,6 +18,11 @@
get_mime: no
register: kubeadm_already_run
- name: kubeadm | Backup kubeadm certs / kubeconfig
import_tasks: kubeadm-backup.yml
when:
- kubeadm_already_run.stat.exists
- name: kubeadm | aggregate all SANs
set_fact:
apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
@@ -68,12 +73,6 @@
- name: kubeadm | set kubeadm version
import_tasks: kubeadm-version.yml
- name: kubeadm | Certificate management with kubeadm
import_tasks: kubeadm-certificate.yml
when:
- not upgrade_cluster_setup
- kubeadm_already_run.stat.exists
- name: kubeadm | Check if apiserver.crt contains all needed SANs
command: openssl x509 -noout -in "{{ kube_cert_dir }}/apiserver.crt" -check{{ item|ipaddr|ternary('ip','host') }} "{{ item }}"
with_items: "{{ apiserver_sans }}"