External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-17 22:37:45 -02:30
Code Issues Packages Projects Releases Wiki Activity

Auto renew control plane certificates (#7358)

Browse Source 
While at it remove force_certificate_regeneration
This boolean only forced the renewal of the apiserver certs
Either manually use k8s-certs-renew.sh or set auto_renew_certificates

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
(cherry picked from commit efa180392b)

Conflicts:
	roles/kubernetes/master/templates/k8s-certs-renew.service.j2
	roles/kubernetes/master/templates/k8s-certs-renew.sh.j2
	roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
This commit is contained in:
Etienne Champetier
2021-03-22 14:22:48 -04:00
committed by Kubernetes Prow Robot
parent 4e52da6a35
commit b19d109a12
8 changed files with 73 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kubernetes/master/tasks/kubeadm-setup.yml
View File

@@ -99,7 +99,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed or force_certificate_regeneration
- apiserver_sans_check.changed
- name: kubeadm | regenerate apiserver cert 2/2
command: >-
@@ -109,7 +109,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed or force_certificate_regeneration
- apiserver_sans_check.changed
- name: kubeadm | Initialize first master
command: >-