Remove non-kubeadm deployment (#3811)

* Remove non-kubeadm deployment * More cleanup * More cleanup * More cleanup * More cleanup * Fix gitlab * Try stop gce first before absent to make the delete process work * More cleanup * Fix bug with checking if kubeadm has already run * Fix bug with checking if kubeadm has already run * More fixes * Fix test * fix * Fix gitlab checkout untill kubespray 2.8 is on quay * Fixed * Add upgrade path from non-kubeadm to kubeadm. Revert ssl path * Readd secret checking * Do gitlab checks from v2.7.0 test upgrade path to 2.8.0 * fix typo * Fix CI jobs to kubeadm again. Fix broken hyperkube path * Fix gitlab * Fix rotate tokens * More fixes * More fixes * Fix tokens
2026-03-09 11:47:47 +03:00 · 2018-12-06 11:33:38 +01:00
parent 0d1be39a97
commit ddffdb63bf
65 changed files with 111 additions and 2042 deletions
--- a/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
+++ b/roles/kubernetes-apps/rotate_tokens/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Rotate Tokens | Get default token name
-  shell: "{{ bin_dir }}/kubectl get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
+  shell: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf get secrets -o custom-columns=name:{.metadata.name} --no-headers | grep -m1 default-token"
  register: default_token
  changed_when: false
  until: default_token.rc == 0
@@ -8,7 +8,7 @@
  retries: 5

 - name: Rotate Tokens | Get default token data
-  command: "{{ bin_dir }}/kubectl get secrets {{ default_token.stdout }} -ojson"
+  command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf get secrets {{ default_token.stdout }} -ojson"
  register: default_token_data
  changed_when: false

@@ -31,7 +31,7 @@
 # instead of filtering manually
 - name: Rotate Tokens | Get all serviceaccount tokens to expire
  shell: >-
-    {{ bin_dir }}/kubectl get secrets --all-namespaces
+    {{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf get secrets --all-namespaces
    -o 'jsonpath={range .items[*]}{"\n"}{.metadata.namespace}{" "}{.metadata.name}{" "}{.type}{end}'
    | grep kubernetes.io/service-account-token
    | egrep 'default-token|kube-proxy|kube-dns|dnsmasq|netchecker|weave|calico|canal|flannel|dashboard|cluster-proportional-autoscaler|tiller|local-volume-provisioner'
@@ -39,10 +39,10 @@
  when: needs_rotation

 - name: Rotate Tokens | Delete expired tokens
-  command: "{{ bin_dir }}/kubectl delete secrets -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}"
+  command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete secrets -n {{ item.split(' ')[0] }} {{ item.split(' ')[1] }}"
  with_items: "{{ tokens_to_delete.stdout_lines }}"
  when: needs_rotation

 - name: Rotate Tokens | Delete pods in system namespace
-  command: "{{ bin_dir }}/kubectl delete pods -n kube-system --all"
+  command: "{{ bin_dir }}/kubectl --kubeconfig /etc/kubernetes/admin.conf delete pods -n kube-system --all"
  when: needs_rotation