Added option to force apiserver and respective client certificate to … (kubernetes-sigs#6403)

* Added option to force apiserver and respective client certificate to be regenerated without necessarily needing to bump the K8S cluster version

* Removed extra blank line
pestebogdan authored and LuckySB committed Jan 16, 2021
1 parent ecb02d7 commit 04dcca6
Showing 3 changed files with 6 additions and 2 deletions.
2 changes: 2 additions & 0 deletions inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
Expand Up @@ -313,3 +313,5 @@ persistent_volumes_enabled: false

## Amount of time to retain events. (default 1h0m0s)
event_ttl_duration: "1h0m0s"
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
force_certificate_regeneration: false
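Review bot: The comment on `force_certificate_regeneration` says "kubernetes control plane certificates", which is broader than what the flag gates in this commit: the only consumers are the `kubeadm | regenerate apiserver cert` tasks in kubeadm-setup.yml, and the commit message itself speaks of the apiserver and its respective client certificate. Suggest naming that scope in the comment so operators do not assume other control plane certificates are rotated when they set this to true.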
2 changes: 2 additions & 0 deletions roles/kubernetes/master/defaults/main/main.yml
Expand Up @@ -231,3 +231,5 @@ secrets_encryption_query: "resources[*].providers[0].{{kube_encryption_algorithm

## Amount of time to retain events. (default 1h0m0s)
event_ttl_duration: "1h0m0s"
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
force_certificate_regeneration: false
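Review bot: The default of `false` is right, but the comment above it should say that this is a one-shot switch. With the `when:` change in kubeadm-setup.yml, a value left at true in group_vars makes the first master regenerate the apiserver certificate on every run where kubeadm has already been run. Suggest adding a line such as "set back to false once the certificates have been regenerated".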
4 changes: 2 additions & 2 deletions roles/kubernetes/master/tasks/kubeadm-setup.yml
Expand Up @@ -127,7 +127,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
- apiserver_sans_check.changed or force_certificate_regeneration

- name: kubeadm | regenerate apiserver cert 2/2
command: >-
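Review bot: In the new condition `apiserver_sans_check.changed or force_certificate_regeneration`, the variable is used without a `| bool` cast. When it is passed as a key=value extra var (for example `-e force_certificate_regeneration=false`) it arrives as a non-empty string, which is truthy on the right side of `or`, so the regeneration would run even though the operator asked for false. Suggest `- apiserver_sans_check.changed or (force_certificate_regeneration | bool)`.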
Expand All @@ -137,7 +137,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
- apiserver_sans_check.changed or force_certificate_regeneration

- name: kubeadm | Initialize first master
command: >-
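Review bot: This `when:` list is now a second hand-edited copy of the condition changed in the previous hunk, one per step of the 1/2 and 2/2 regeneration pair. If the two copies ever diverge, one step could run without the other and leave the apiserver certificate regeneration half done. Suggest wrapping both `regenerate apiserver cert` tasks in a single `block:` with one shared `when:` so the trigger is defined once.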