External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-05-21 15:58:14 -02:30
Code Issues Packages Projects Releases Wiki Activity

Auto renew control plane certificates (#7358)

Browse Source 
While at it remove force_certificate_regeneration
This boolean only forced the renewal of the apiserver certs
Either manually use k8s-certs-renew.sh or set auto_renew_certificates

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
This commit is contained in:
Etienne Champetier
2021-03-22 14:22:48 -04:00
committed by GitHub
parent 6d9ed398e3
commit efa180392b
8 changed files with 73 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
View File

@@ -99,7 +99,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed or force_certificate_regeneration
- apiserver_sans_check.changed
- name: kubeadm | regenerate apiserver cert 2/2
command: >-
@@ -109,7 +109,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed or force_certificate_regeneration
- apiserver_sans_check.changed
- name: kubeadm | Initialize first master
command: >-