Auto renew control plane certificates (#7358)

While at it remove force_certificate_regeneration This boolean only forced the renewal of the apiserver certs Either manually use k8s-certs-renew.sh or set auto_renew_certificates Signed-off-by: Etienne Champetier <e.champetier@ateme.com> (cherry picked from commit efa180392b) Conflicts: roles/kubernetes/master/templates/k8s-certs-renew.service.j2 roles/kubernetes/master/templates/k8s-certs-renew.sh.j2 roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
2026-02-16 02:30:03 -03:30 · 2021-03-22 14:22:48 -04:00
parent 4e52da6a35
commit b19d109a12
8 changed files with 73 additions and 6 deletions
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -21,6 +21,8 @@
    - containerd.service.d/http-proxy.conf
    - crio.service.d/http-proxy.conf
    - vault.service.d/http-proxy.conf
+    - k8s-certs-renew.service
+    - k8s-certs-renew.timer
  register: services_removed
  tags:
    - services
@@ -292,6 +294,7 @@
    - "{{ bin_dir }}/weave"
    - "{{ bin_dir }}/crictl"
    - "{{ bin_dir }}/netctl"
+    - "{{ bin_dir }}/k8s-certs-renew.sh"
    - /var/lib/cni
    - /etc/openvswitch
    - /run/openvswitch