epostnikof/kubespray
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2025-12-14 13:54:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Remove pre kubeadm cert migration tasks

Browse Source 
apiserver.pem is not used since ddffdb63bf

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
This commit is contained in:
Etienne Champetier
2021-03-03 15:30:07 -05:00
committed by Kubernetes Prow Robot
parent b7c22659e3
commit fedd671d68
3 changed files with 0 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
View File

@@ -1,18 +1,4 @@
---
- name: kubeadm | Check if old apiserver cert exists on host
stat:
path: "{{ kube_cert_dir }}/apiserver.pem"
get_attributes: no
get_checksum: no
get_mime: no
register: old_apiserver_cert
delegate_to: "{{ groups['kube-master'] | first }}"
run_once: true
- name: kubeadm | Migrate old certs if necessary
import_tasks: kubeadm-migrate-certs.yml
when: old_apiserver_cert.stat.exists
- name: Install OIDC certificate
copy:
content: "{{ kube_oidc_ca_cert | b64decode }}"
@@ -48,22 +34,6 @@
when:
- not kubeadm_already_run.stat.exists
- name: kubeadm | Delete old static pods
file:
path: "{{ kube_config_dir }}/manifests/{{ item }}.manifest"
state: absent
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler", "kube-proxy"]
when:
- old_apiserver_cert.stat.exists
- name: kubeadm | Forcefully delete old static pods
shell: "set -o pipefail && docker ps -f name=k8s_{{ item }} -q | xargs --no-run-if-empty docker rm -f"
args:
executable: /bin/bash
with_items: ["kube-apiserver", "kube-controller-manager", "kube-scheduler"]
when:
- old_apiserver_cert.stat.exists
- name: kubeadm | aggregate all SANs
set_fact:
apiserver_sans: "{{ (sans_base + groups['kube-master'] + sans_lb + sans_lb_ip + sans_supp + sans_access_ip + sans_ip + sans_address + sans_override + sans_hostname + sans_fqdn) | unique }}"
@@ -231,11 +201,6 @@
notify: Master | set secret_changed
when: sa_key_before.stat.checksum|default("") != sa_key_after.stat.checksum
- name: kubeadm | cleanup old certs if necessary
import_tasks: kubeadm-cleanup-old-certs.yml
when:
- old_apiserver_cert.stat.exists
# FIXME(mattymo): from docs: If you don't want to taint your control-plane node, set this field to an empty slice, i.e. `taints: {}` in the YAML file.
- name: kubeadm | Remove taint for master with node role
command: "{{ bin_dir }}/kubectl --kubeconfig {{ kube_config_dir }}/admin.conf taint node {{ inventory_hostname }} {{ item }}"