Individual etcd ssl certs

Includes hooks for triggering calico, kubelet, and kube-apiserver restarts if etcd certs changed.
2026-03-07 02:27:43 +03:00 · 2016-12-13 09:03:35 +00:00
parent de8cd5cd7f
commit ad796d188d
13 changed files with 140 additions and 54 deletions
--- a/roles/etcd/tasks/pre_upgrade.yml
+++ b/roles/etcd/tasks/pre_upgrade.yml
@@ -34,10 +34,6 @@
  command: "docker rm -f {{item}}"
  with_items: "{{etcd_proxy_container.stdout_lines}}"

- name: "Pre-upgrade | remove etcd-proxy if it exists"
-  command: "docker rm -f {{item}}"
-  with_items: "{{etcd_proxy_container.stdout_lines}}"
-
 - name: "Pre-upgrade | check if member list is non-SSL"
  command: "{{ bin_dir }}/etcdctl --no-sync --peers={{ etcd_access_addresses | regex_replace('https','http') }} member list"
  register: etcd_member_list
@@ -53,4 +49,3 @@
    awk -F"[: =]" '{print "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses | regex_replace('https','http') }} member update "$1" https:"$7":"$8}' | bash
  run_once: true
  when: 'etcd_member_list is defined and "http://" in etcd_member_list.stdout'
-