Merge pull request #89 from sighupio/feat/kubelet-server-cert-renew

feat(node-common): add task for server-side certificate kubelet renew
sighupio · Jul 31, 2024 · defccb8 · defccb8
2 parents b23ae91 + d59c40f
commit defccb8
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/roles/kube-node-common/defaults/main.yml b/roles/kube-node-common/defaults/main.yml
@@ -9,6 +9,8 @@ kubeadm_version: "{{ kubernetes_version }}"
 critools_version: "{{ dependencies[kubernetes_version].critools_version }}"
 
 skip_kubelet_upgrade: False
+kubelet_pki_cert_file: /var/lib/kubelet/pki/kubelet.crt
+kubelet_pki_key_file: /var/lib/kubelet/pki/kubelet.key
 
 dependencies:
   # To pin dependencies for each Kubernetes version

diff --git a/roles/kube-node-common/tasks/node.yml b/roles/kube-node-common/tasks/node.yml
@@ -208,6 +208,19 @@
 
 # Finish install Kubernetes packages
 
+# Start remove kubelet server certificate,key for later renew when restart kubelet service
+
+- name: Remove kubelet crt and key for later renew
+  file:
+    path: "{{ item }}"
+    state: absent
+  with_items:
+    - "{{ kubelet_pki_cert_file }}"
+    - "{{ kubelet_pki_key_file }}"
+  when: not skip_kubelet_upgrade
+
+# Finish remove kubelet server certificate,key for later renew when restart kubelet service
+
 - name: Start and enable Kubelet service
   systemd:
     name: kubelet