Added option to force apiserver and respective client certificate to … (#6403)

* Added option to force apiserver and respective client certificate to be regenerated without necessarily needing to bump the K8S cluster version

* Removed extra blank line
pestebogdan authored Oct 12, 2020
1 parent 270f91e commit 5e32655
Showing 3 changed files with 6 additions and 2 deletions.
2 changes: 2 additions & 0 deletions inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
Expand Up @@ -312,3 +312,5 @@ persistent_volumes_enabled: false

## Amount of time to retain events. (default 1h0m0s)
event_ttl_duration: "1h0m0s"
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
force_certificate_regeneration: false
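Review bot: The comment above `force_certificate_regeneration` says "kubernetes control plane certificates", while the commit message scopes the option to the apiserver certificate and its respective client certificate. Suggest wording the comment to match that scope so operators do not assume every control plane certificate is rotated. It would also help to document that, while the value is `true`, the regeneration tasks are no longer gated on `apiserver_sans_check.changed` and run on every play against an existing cluster, so the flag should be set back to `false` once the rotation is done.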
2 changes: 2 additions & 0 deletions roles/kubernetes/master/defaults/main/main.yml
Expand Up @@ -193,3 +193,5 @@ secrets_encryption_query: "resources[*].providers[0].{{kube_encryption_algorithm

## Amount of time to retain events. (default 1h0m0s)
event_ttl_duration: "1h0m0s"
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
force_certificate_regeneration: false
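Review bot: The new comment and variable follow `event_ttl_duration: "1h0m0s"` with no blank line, so they read as part of the event TTL setting; the preceding entry is separated by a blank line and the new one should be too. The same default is also declared in the sample inventory, so a note here that the two must be changed together would prevent them drifting apart.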
4 changes: 2 additions & 2 deletions roles/kubernetes/master/tasks/kubeadm-setup.yml
Expand Up @@ -130,7 +130,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
- apiserver_sans_check.changed or force_certificate_regeneration

- name: kubeadm | regenerate apiserver cert 2/2
command: >-
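Review bot: In the `when:` entry `apiserver_sans_check.changed or force_certificate_regeneration`, the new variable is used without a boolean cast. If the value arrives as a string (for example from `-e force_certificate_regeneration=false` on the command line), a non-empty string is truthy inside the `or` expression and the apiserver certificate is regenerated even though the operator asked for `false`. Suggest `apiserver_sans_check.changed or force_certificate_regeneration | bool`.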
Expand All @@ -140,7 +140,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
- apiserver_sans_check.changed or force_certificate_regeneration

- name: kubeadm | Initialize first master
command: >-
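Review bot: The condition `apiserver_sans_check.changed or force_certificate_regeneration` is now repeated verbatim in the 1/2 and 2/2 tasks, and the two must stay identical or one half of the regeneration runs without the other. Suggest wrapping both tasks in a `block:` with a single `when:`, or computing the condition once with `set_fact` and referencing it in both places.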