Adding in certificate serial numbers to manifests (#1392)

roles/kubernetes/secrets/tasks/main.yml

@@ -75,5 +75,37 @@
 - include: upd_ca_trust.yml
   tags: k8s-secrets
 
+- name: "Gen_certs | Get certificate serials on kube masters"
+  shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
+  register: "master_certificate_serials"
+  with_items:
+    - "admin-{{ inventory_hostname }}.pem"
+    - "apiserver.pem"
+    - "kube-controller-manager.pem"
+    - "kube-scheduler.pem"
+  when: inventory_hostname in groups['kube-master']
+
+- name: "Gen_certs | set kube master certificate serial facts"
+  set_fact:
+    etcd_admin_cert_serial: "{{ master_certificate_serials.results[0].stdout|default() }}"
+    apiserver_cert_serial: "{{ master_certificate_serials.results[1].stdout|default() }}"
+    controller_manager_cert_serial: "{{ master_certificate_serials.results[2].stdout|default() }}"
+    scheduler_cert_serial: "{{ master_certificate_serials.results[3].stdout|default() }}"
+  when: inventory_hostname in groups['kube-master']
+
+- name: "Gen_certs | Get certificate serials on kube nodes"
+  shell: "openssl x509 -in {{ kube_cert_dir }}/{{ item }} -noout -serial | cut -d= -f2"
+  register: "node_certificate_serials"
+  with_items:
+    - "node-{{ inventory_hostname }}.pem"
+    - "kube-proxy-{{ inventory_hostname }}.pem"
+  when: inventory_hostname in groups['k8s-cluster']
+
+- name: "Gen_certs | set kube node certificate serial facts"
+  set_fact:
+    etcd_node_cert_serial: "{{ node_certificate_serials.results[0].stdout|default() }}"
+    kube_proxy_cert_serial: "{{ node_certificate_serials.results[1].stdout|default() }}"
+  when: inventory_hostname in groups['k8s-cluster']
+
 - include: gen_tokens.yml
   tags: k8s-secrets