Merge branch 'master' into synthscale

2026-03-02 01:08:54 -03:30 · 2017-02-21 22:17:43 +03:00
parent 2ba66f0b26 0afadb9149
commit d821448e2f
51 changed files with 317 additions and 122 deletions
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@@ -146,10 +146,10 @@

 - name: Gen_certs | check certificate permissions
  file:
-    path={{ kube_cert_dir }}
-    group={{ kube_cert_group }}
-    owner=kube
-    recurse=yes
+    path: "{{ kube_cert_dir }}"
+    group: "{{ kube_cert_group }}"
+    owner: kube
+    recurse: yes

 - name: Gen_certs | set permissions on keys
  shell: chmod 0600 {{ kube_cert_dir}}/*key.pem
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -1,29 +1,30 @@
 ---
 - include: check-certs.yml
  tags: [k8s-secrets, facts]
+
 - include: check-tokens.yml
  tags: [k8s-secrets, facts]

 - name: Make sure the certificate directory exits
  file:
-    path={{ kube_cert_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_cert_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"

 - name: Make sure the tokens directory exits
  file:
-    path={{ kube_token_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_token_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"

 - name: Make sure the users directory exits
  file:
-    path={{ kube_users_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_users_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"

 - name: Populate users for basic auth in API
  lineinfile:
@@ -62,10 +63,10 @@

 - name: "Get_tokens | Make sure the tokens directory exits (on {{groups['kube-master'][0]}})"
  file:
-    path={{ kube_token_dir }}
-    state=directory
-    mode=o-rwx
-    group={{ kube_cert_group }}
+    path: "{{ kube_token_dir }}"
+    state: directory
+    mode: o-rwx
+    group: "{{ kube_cert_group }}"
  run_once: yes
  delegate_to: "{{groups['kube-master'][0]}}"
  when: gen_tokens|default(false)
@@ -77,9 +78,11 @@
 - include: sync_kube_master_certs.yml
  when: cert_management == "vault" and inventory_hostname in groups['kube-master']
  tags: k8s-secrets
+
 - include: sync_kube_node_certs.yml
  when: cert_management == "vault" and inventory_hostname in groups['k8s-cluster']
  tags: k8s-secrets
+
 - include: gen_certs_vault.yml
  when: cert_management == "vault"
  tags: k8s-secrets
--- a/roles/kubernetes/secrets/templates/openssl.conf.j2
+++ b/roles/kubernetes/secrets/templates/openssl.conf.j2
@@ -16,7 +16,7 @@ DNS.5 = localhost
 DNS.{{ 5 + loop.index }} = {{ host }}
 {% endfor %}
 {% if loadbalancer_apiserver is defined  and apiserver_loadbalancer_domain_name is defined %}
-{% set idx =  groups['kube-master'] | length | int + 5 %}
+{% set idx =  groups['kube-master'] | length | int + 5 + 1 %}
 DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
 {% endif %}
 {% for host in groups['kube-master'] %}