External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-07 19:51:15 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fix cert and netchecker upgrade issues (#1543)

Browse Source 
* Bump tag for upgrade CI, fix netchecker upgrade

netchecker-server was changed from pod to deployment, so
we need an upgrade hook for it.

CI now uses v2.1.1 as a basis for upgrade.

* Fix upgrades for certs from non-rbac to rbac
This commit is contained in:
Matthew Mosesohn
2017-08-18 15:46:22 +03:00
committed by GitHub
parent 20183f3860
commit df28db0066
5 changed files with 62 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
roles/kubernetes/secrets/files/make-ssl.sh
View File

@@ -80,7 +80,9 @@ gen_key_and_cert() {
openssl x509 -req -in ${name}.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${name}.pem -days 3650 -extensions v3_req -extfile ${CONFIG} > /dev/null 2>&1
}
if [ ! -e "$SSLDIR/ca-key.pem" ]; then
# Admins
if [ -n "$MASTERS" ]; then
# If any host requires new certs, just regenerate all master certs
# kube-apiserver
gen_key_and_cert "apiserver" "/CN=kube-apiserver"
cat ca.pem >> apiserver.pem
@@ -88,10 +90,7 @@ if [ ! -e "$SSLDIR/ca-key.pem" ]; then
gen_key_and_cert "kube-scheduler" "/CN=system:kube-scheduler"
# kube-controller-manager
gen_key_and_cert "kube-controller-manager" "/CN=system:kube-controller-manager"
fi
# Admins
if [ -n "$MASTERS" ]; then
for host in $MASTERS; do
cn="${host%%.*}"
# admin