epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-10 20:29:18 +03:00
Code Issues Packages Projects Releases Wiki Activity

Rename from aggregator-proxy-client to front-proxy-client to match kubeadm design. Added kubeadm support too. Changed to use variables set and not hardcode paths. Still missing cert generation for Vault

Browse Source
This commit is contained in:
woopstar
2018-02-07 09:50:08 +01:00
committed by Andreas Kruger
parent b2d30d68e7
commit 4dab92ce69
7 changed files with 34 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/kubernetes/secrets/tasks/check-certs.yml
View File

@@ -26,8 +26,8 @@
- kube-scheduler-key.pem
- kube-controller-manager.pem
- kube-controller-manager-key.pem
- aggregator-proxy-client.pem
- aggregator-proxy-client-key.pem
- front-proxy-client.pem
- front-proxy-client-key.pem
- admin-{{ inventory_hostname }}.pem
- admin-{{ inventory_hostname }}-key.pem
- node-{{ inventory_hostname }}.pem
@@ -48,8 +48,8 @@
'{{ kube_cert_dir }}/kube-scheduler-key.pem',
'{{ kube_cert_dir }}/kube-controller-manager.pem',
'{{ kube_cert_dir }}/kube-controller-manager-key.pem',
'{{ kube_cert_dir }}/aggregator-proxy-client.pem',
'{{ kube_cert_dir }}/aggregator-proxy-client-key.pem',
'{{ kube_cert_dir }}/front-proxy-client.pem',
'{{ kube_cert_dir }}/front-proxy-client-key.pem',
{% for host in groups['kube-master'] %}
'{{ kube_cert_dir }}/admin-{{ host }}.pem'
'{{ kube_cert_dir }}/admin-{{ host }}-key.pem'
@@ -68,9 +68,10 @@
gen_master_certs: |-
{%- set gen = False -%}
{% set existing_certs = kubecert_master.files|map(attribute='path')|list|sort %}
{% for cert in ['apiserver.pem', 'apiserver-key.pem', 'kube-scheduler.pem',
'kube-scheduler-key.pem', 'kube-controller-manager.pem',
'kube-controller-manager-key.pem','aggregator-proxy-client.pem','aggregator-proxy-client-key.pem'] -%}
{% for cert in ['apiserver.pem', 'apiserver-key.pem',
'kube-scheduler.pem','kube-scheduler-key.pem',
'kube-controller-manager.pem','kube-controller-manager-key.pem',
'front-proxy-client.pem','front-proxy-client-key.pem'] -%}
{% set cert_file = "%s/%s.pem"|format(kube_cert_dir, cert) %}
{% if not cert_file in existing_certs -%}
{%- set gen = True -%}