k8s-certs-renew: fix broken script (#12876 )

Unproquer quoting of variable assignment make the shell interpret it as a command ; since the variable is unused anyway, just delete it.
Merge pull request #12872 from VannTen/fix/defaut_lb_address
2026-02-04 08:48:42 +03:00 · 2026-01-19 22:57:47 +05:30 · 2026-01-19 21:45:50 +05:30 · 2026-01-19 09:43:48 +01:00 · 2026-01-19 09:35:10 +05:30 · 2026-01-15 16:50:45 +01:00
6 changed files with 7 additions and 11 deletions
--- a/.github/workflows/auto-label-os.yml
+++ b/.github/workflows/auto-label-os.yml
@@ -16,7 +16,7 @@ jobs:
      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8

      - name: Parse issue form
-        uses: stefanbuck/github-issue-parser@25f1485edffc1fee3ea68eb9f59a72e58720ffc4
+        uses: stefanbuck/github-issue-parser@10dcc54158ba4c137713d9d69d70a2da63b6bda3
        id: issue-parser
        with:
          template-path: .github/ISSUE_TEMPLATE/bug-report.yaml
--- a/roles/etcd/templates/openssl.conf.j2
+++ b/roles/etcd/templates/openssl.conf.j2
@@ -32,9 +32,6 @@ DNS.{{ counter["dns"] }} = {{ hostvars[host]['etcd_access_address'] }}{{ increme
 {# This will always expand to inventory_hostname, which can be a completely arbitrary name, that etcd will not know or care about, hence this line is (probably) redundant. #}
 DNS.{{ counter["dns"] }} = {{ host }}{{ increment(counter, 'dns') }}
 {% endfor %}
-{% if apiserver_loadbalancer_domain_name is defined %}
-DNS.{{ counter["dns"] }} = {{ apiserver_loadbalancer_domain_name }}{{ increment(counter, 'dns') }}
-{% endif %}
 {% for etcd_alt_name in etcd_cert_alt_names %}
 DNS.{{ counter["dns"] }} = {{ etcd_alt_name }}{{ increment(counter, 'dns') }}
 {% endfor %}
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -90,7 +90,7 @@
 # Nginx LB(default), If kubeadm_config_api_fqdn is defined, use other LB by kubeadm controlPlaneEndpoint.
 - name: Set kubeadm_config_api_fqdn define
  set_fact:
-    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name | default('lb-apiserver.kubernetes.local') }}"
+    kubeadm_config_api_fqdn: "{{ apiserver_loadbalancer_domain_name }}"
  when: loadbalancer_apiserver is defined

 - name: Kubeadm | Create kubeadm config
--- a/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2
+++ b/roles/kubernetes/control-plane/templates/k8s-certs-renew.sh.j2
@@ -5,7 +5,6 @@ echo "## Check Expiration before renewal ##"
 {{ bin_dir }}/kubeadm certs check-expiration

 days_buffer=7 # set a time margin, because we should not renew at the last moment
-calendar={{ auto_renew_certificates_systemd_calendar }}
 next_time=$(systemctl show k8s-certs-renew.timer  -p NextElapseUSecRealtime --value)

 if [ "${next_time}" == "" ]; then
--- a/roles/kubespray_defaults/defaults/main/main.yml
+++ b/roles/kubespray_defaults/defaults/main/main.yml
@@ -643,10 +643,10 @@ first_kube_control_plane_address: "{{ hostvars[groups['kube_control_plane'][0]][
 loadbalancer_apiserver_localhost: "{{ loadbalancer_apiserver is not defined }}"
 loadbalancer_apiserver_type: "nginx"
 # applied if only external loadbalancer_apiserver is defined, otherwise ignored
-apiserver_loadbalancer_domain_name: "lb-apiserver.kubernetes.local"
+apiserver_loadbalancer_domain_name: "{{ 'localhost' if loadbalancer_apiserver_localhost else (loadbalancer_apiserver.address | d(undef())) }}"
 kube_apiserver_global_endpoint: |-
  {% if loadbalancer_apiserver is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name | ansible.utils.ipwrap }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
  {%- elif loadbalancer_apiserver_localhost -%}
      https://localhost:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }}
  {%- else -%}
@@ -654,7 +654,7 @@ kube_apiserver_global_endpoint: |-
  {%- endif %}
 kube_apiserver_endpoint: |-
  {% if loadbalancer_apiserver is defined -%}
-      https://{{ apiserver_loadbalancer_domain_name }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
+      https://{{ apiserver_loadbalancer_domain_name | ansible.utils.ipwrap }}:{{ loadbalancer_apiserver.port | default(kube_apiserver_port) }}
  {%- elif ('kube_control_plane' not in group_names) and loadbalancer_apiserver_localhost -%}
      https://localhost:{{ loadbalancer_apiserver_port | default(kube_apiserver_port) }}
  {%- elif 'kube_control_plane' in group_names -%}
--- a/roles/network_facts/tasks/no_proxy.yml
+++ b/roles/network_facts/tasks/no_proxy.yml
@@ -4,7 +4,7 @@
    # noqa: jinja[spacing]
    no_proxy_prepare: >-
      {%- if loadbalancer_apiserver is defined -%}
-      {{ apiserver_loadbalancer_domain_name | default('') }},
+      {{ apiserver_loadbalancer_domain_name }},
      {{ loadbalancer_apiserver.address | default('') }},
      {%- endif -%}
      {%- if no_proxy_exclude_workers | default(false) -%}
@@ -32,7 +32,7 @@

 - name: Populates no_proxy to all hosts
  set_fact:
-    no_proxy: "{{ hostvars.localhost.no_proxy_prepare }}"
+    no_proxy: "{{ hostvars.localhost.no_proxy_prepare | select }}"
    # noqa: jinja[spacing]
    proxy_env: "{{ proxy_env | combine({
        'no_proxy': hostvars.localhost.no_proxy_prepare,
Author	SHA1	Message	Date
Max Gautier	df3f0a2341	k8s-certs-renew: fix broken script (#12876 ) Unproquer quoting of variable assignment make the shell interpret it as a command ; since the variable is unused anyway, just delete it.	2026-01-19 22:57:47 +05:30
Kubernetes Prow Robot	62e90b3122	Merge pull request #12872 from VannTen/fix/defaut_lb_address Use loadbalancer IP as default apiserver endpoint if no LB hostname is used	2026-01-19 21:45:50 +05:30
Max Gautier	6b5cc5bdfb	Fix defaults for apiserver_loadbalancer_domain_name Since we're not longer injecting pseudo DNS into /etc/hosts, 'lb-apiserver.kubernetes.local' (the previous default) won't resolve to anything. Instead, default to the loadbalancer IP if defined, or to the node local loadbalancer if it's in use. Make the necessary adjustements in use site to deal with ip addresses as well as hostnames.	2026-01-19 09:43:48 +01:00
dependabot[bot]	a277cfdee7	build(deps): bump stefanbuck/github-issue-parser from 3.2.2 to 3.2.3 (#12874 ) Bumps [stefanbuck/github-issue-parser](https://github.com/stefanbuck/github-issue-parser) from 3.2.2 to 3.2.3. - [Release notes](https://github.com/stefanbuck/github-issue-parser/releases) - [Commits](`25f1485edf...10dcc54158`) --- updated-dependencies: - dependency-name: stefanbuck/github-issue-parser dependency-version: 3.2.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-01-19 09:35:10 +05:30
Max Gautier	2740c13c0c	Do not use apiserver LB in etcd certificates etcd does not use the apiserver load balancer, there is no reason to include it's DNS into etcd certificates.	2026-01-15 16:50:45 +01:00