epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-03-08 02:58:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Create certificates for each node too (#3698)

Browse Source
This commit is contained in:
Andreas Krüger
2018-11-13 16:10:59 +01:00
committed by k8s-ci-robot
parent e8901a2422
commit afc3f7dce4
3 changed files with 38 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
roles/kubernetes/secrets/tasks/gen_certs_script.yml
View File

@@ -28,14 +28,21 @@
tags:
- k8s-secrets
- name: Gen_certs | write openssl config
- name: Gen_certs | write masters openssl config
template:
src: "openssl.conf.j2"
dest: "{{ kube_config_dir }}/openssl.conf"
src: "openssl-master.conf.j2"
dest: "{{ kube_config_dir }}/openssl-master.conf"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master']|first }}"
when: gen_certs|default(false)
- name: Gen_certs | write nodes openssl config
template:
src: "openssl-node.conf.j2"
dest: "{{ kube_config_dir }}/{{ inventory_hostname }}-openssl.conf"
delegate_to: "{{ groups['kube-master']|first }}"
when: gen_certs|default(false) and inventory_hostname in groups['k8s-cluster']
- name: Gen_certs | copy certs generation script
template:
src: "make-ssl.sh.j2"
@@ -45,24 +52,26 @@
delegate_to: "{{groups['kube-master'][0]}}"
when: gen_certs|default(false)
- name: Gen_certs | run cert generation script
command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl.conf -d {{ kube_cert_dir }}"
- name: Gen_certs | run master cert generation script
command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/openssl-master.conf -d {{ kube_cert_dir }}"
environment:
- MASTERS: "{% for m in groups['kube-master'] %}
{% if gen_master_certs|default(false) %}
{{ m }}
{% endif %}
{% endfor %}"
- HOSTS: "{% for h in groups['k8s-cluster'] %}
{% if gen_node_certs[h]|default(true) %}
{{ h }}
{% endif %}
{% endfor %}"
run_once: yes
delegate_to: "{{groups['kube-master'][0]}}"
delegate_to: "{{ groups['kube-master']|first }}"
when: gen_certs|default(false)
notify: set secret_changed
- name: Gen_certs | run nodes cert generation script
command: "{{ kube_script_dir }}/make-ssl.sh -f {{ kube_config_dir }}/{{ inventory_hostname }}-openssl.conf -d {{ kube_cert_dir }}"
environment:
- HOSTS: "{{ inventory_hostname }}"
delegate_to: "{{ groups['kube-master']|first }}"
when: gen_certs|default(false) and inventory_hostname in groups['k8s-cluster']
notify: set secret_changed
- set_fact:
all_master_certs: "['ca-key.pem',
'apiserver.pem',