External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-04-30 06:05:35 -02:30
Code Issues Packages Projects Releases Wiki Activity

Refactor(defaults): centralize etcd defaults (#13161)

Browse Source
This commit is contained in:
Yang-Ming Lin
2026-04-28 10:24:48 +08:00
committed by GitHub
parent 655c516129
commit c3d4864e63
3 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/etcd/tasks/gen_certs_script.yml
View File

@@ -24,7 +24,7 @@
run_once: true
delegate_to: "{{ groups['etcd'][0] }}"
when:
- gen_certs | default(false)
- gen_certs
- inventory_hostname == groups['etcd'][0]
- name: Gen_certs | copy certs generation script
@@ -43,7 +43,7 @@
HOSTS: "{{ groups['gen_node_certs_True'] | ansible.builtin.intersect(groups['kube_control_plane']) | join(' ') }}"
run_once: true
delegate_to: "{{ groups['etcd'][0] }}"
when: gen_certs | default(false)
when: gen_certs
notify: Set etcd_secret_changed
- name: Gen_certs | run cert generation script for all clients
@@ -55,7 +55,7 @@
when:
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally
- kube_network_plugin != "calico" or calico_datastore == "etcd"
- gen_certs | default(false)
- gen_certs
notify: Set etcd_secret_changed
- name: Gen_certs | Gather etcd member/admin and kube_control_plane client certs from first etcd node
@@ -78,7 +78,7 @@
delegate_to: "{{ groups['etcd'][0] }}"
when:
- ('etcd' in group_names)
- sync_certs | default(false)
- sync_certs
- inventory_hostname != groups['etcd'][0]
notify: Set etcd_secret_changed
@@ -92,7 +92,7 @@
with_items: "{{ etcd_master_certs.results }}"
when:
- ('etcd' in group_names)
- sync_certs | default(false)
- sync_certs
- inventory_hostname != groups['etcd'][0]
loop_control:
label: "{{ item.item }}"
@@ -134,7 +134,7 @@
include_tasks: gen_nodes_certs_script.yml
when:
- ('kube_control_plane' in group_names) and
sync_certs | default(false) and inventory_hostname not in groups['etcd']
sync_certs and inventory_hostname not in groups['etcd']
- name: Gen_certs | Generate etcd certs on nodes if needed
include_tasks: gen_nodes_certs_script.yml
@@ -142,7 +142,7 @@
- kube_network_plugin in ["calico", "flannel", "cilium"] or cilium_deploy_additionally
- kube_network_plugin != "calico" or calico_datastore == "etcd"
- ('k8s_cluster' in group_names) and
sync_certs | default(false) and inventory_hostname not in groups['etcd']
sync_certs and inventory_hostname not in groups['etcd']
# This is a hack around the fact kubeadm expect the same certs path on all kube_control_plane
# TODO: fix certs generation to have the same file everywhere