mirror of
https://github.com/kubernetes-sigs/kubespray.git
synced 2026-01-31 17:19:17 -03:30
b3f6d05131
* Use RandomizedDelaySec to spread out control certificates renewal plane If the number of control plane node is superior to 6, using (index * 10 minutes) will fail (03:60:00 is not a valid timestamp). Compared to just fixing the jinja expression (to use a modulo for example), this should avoid having two control planes certificates update node being triggered at the same time. * Make k8s-certs-renew.timer Persistent If the control plane happens to be offline during the scheduled certificates renewal (node failure or anything like that), we still want the renewal to happen.
12 lines
279 B
Django/Jinja
12 lines
279 B
Django/Jinja
[Unit]
|
|
Description=Timer to renew K8S control plane certificates
|
|
|
|
[Timer]
|
|
OnCalendar={{ auto_renew_certificates_systemd_calendar }}
|
|
RandomizedDelaySec={{ 10 * (groups['kube_control_plane'] | length) }}min
|
|
FixedRandomDelay=yes
|
|
Persistent=yes
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|