Rotate kubelet server certificate. (#6453)

* Rotate kubelet server certificate. * CI test kubelet server cert rotation * Approve kubelet serving certificates in tests.
2026-03-09 19:58:07 +03:00 · 2020-09-03 16:25:41 +02:00
parent 2ff7ab8d40
commit c1ba8e1b3a
6 changed files with 39 additions and 1 deletions
--- a/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
+++ b/roles/kubernetes/master/templates/kubeadm-config.v1beta2.yaml.j2
@@ -198,7 +198,10 @@ apiServer:
 {% endif %}
 {% if event_ttl_duration is defined %}
    event-ttl: {{ event_ttl_duration }}
-{%endif%}
+{% endif %}
+{% if kubelet_rotate_server_certificates %}
+    kubelet-certificate-authority: {{ kube_cert_dir }}/ca.crt
+{% endif %}
 {% if kubernetes_audit or kube_basic_auth|default(true) or kube_token_auth|default(true) or kube_webhook_token_auth|default(false) or ( cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] ) or apiserver_extra_volumes or ssl_ca_dirs|length %}
  extraVolumes:
 {% if cloud_provider is defined and cloud_provider in ["openstack", "azure", "vsphere", "aws"] %}