Individual etcd ssl certs

Includes hooks for triggering calico, kubelet, and kube-apiserver restarts if etcd certs changed.
2026-02-28 09:39:12 +03:00 · 2016-12-13 09:03:35 +00:00
parent de8cd5cd7f
commit ad796d188d
13 changed files with 140 additions and 54 deletions
--- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
@@ -31,9 +31,9 @@ spec:
            - name: ETCD_CA_CERT_FILE
              value: "{{ etcd_cert_dir }}/ca.pem"
            - name: ETCD_CERT_FILE
-              value: "{{ etcd_cert_dir }}/node.pem"
+              value: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
            - name: ETCD_KEY_FILE
-              value: "{{ etcd_cert_dir }}/node-key.pem"
+              value: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
            # Location of the Kubernetes API - this shouldn't need to be
            # changed so long as it is used in conjunction with
            # CONFIGURE_ETC_HOSTS="true".