---
# Probe kube-system for the typha-server TLS secret. The result is registered
# as typha_server_secret; every later task in this file runs only when the
# registered return code is non-zero.
# NOTE(review): failed_when is false, so any kubectl failure - not only a
# missing secret - is treated the same as "secret absent". Confirm that is
# the intended behaviour when the API server is unreachable.
- name: Calico | Check if typha-server exists
  command: >-
    {{ kubectl }} -n kube-system get secret typha-server
  register: typha_server_secret
  # Read-only lookup: never report a change, never fail the play.
  failed_when: false
  changed_when: false
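# Create /etc/calico/certs, the directory the later tasks in this file use
# for the openssl config and for the typha certificates and keys. Runs only
# when the typha-server secret lookup returned non-zero.
# NOTE(review): 0755 lets every local user list and traverse a directory
# that ends up holding typha-server.key and typha-client.key. Whether the
# key files themselves are protected depends on the modes that
# make-ssl-typha.sh sets, which is not visible here - confirm, or tighten
# this mode if nothing else on the host needs to read the directory.
- name: Calico | Ensure calico certs dir
  file:
    path: /etc/calico/certs
    state: directory
    # Quoted so the module receives the octal string "0755" regardless of
    # how the YAML loader types a bare leading-zero integer.
    mode: "0755"
  when: typha_server_secret.rc != 0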
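# Render make-ssl-calico.sh.j2 into bin_dir as make-ssl-typha.sh so the
# certificate generation task can execute it. Runs only when the
# typha-server secret lookup returned non-zero.
# NOTE(review): the rendered script is executed later in this file, so
# bin_dir should not be writable by unprivileged users - verify on the host.
- name: Calico | Copy ssl script for typha certs
  template:
    src: make-ssl-calico.sh.j2
    dest: "{{ bin_dir }}/make-ssl-typha.sh"
    # Quoted so the module receives the octal string "0755" regardless of
    # how the YAML loader types a bare leading-zero integer.
    mode: "0755"
  when: typha_server_secret.rc != 0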
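# Install the static openssl.conf that is passed to make-ssl-typha.sh with
# -f by the generation task. Runs only when the typha-server secret lookup
# returned non-zero.
- name: Calico | Copy ssl config for typha certs
  copy:
    src: openssl.conf
    dest: /etc/calico/certs/openssl.conf
    # Quoted so the module receives the octal string "0644" regardless of
    # how the YAML loader types a bare leading-zero integer.
    mode: "0644"
  when: typha_server_secret.rc != 0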
# Run the rendered make-ssl-typha.sh with the openssl config (-f), the
# kube_cert_dir value (-c), /etc/calico/certs as -d and "typha" as -s.
# Skipped when the typha-server secret lookup returned zero.
# NOTE(review): the ownership and mode of the key files this produces are
# decided inside the script, which is not visible here - confirm the private
# keys are not left group- or world-readable.
- name: Calico | Generate typha certs
  when: typha_server_secret.rc != 0
  # The folded scalar collapses to one command line; only the line breaks
  # differ from a single-line spelling.
  command: >-
    {{ bin_dir }}/make-ssl-typha.sh
    -f /etc/calico/certs/openssl.conf -c {{ kube_cert_dir }}
    -d /etc/calico/certs -s typha
# Load the typha server and client certificate/key pairs into kube-system
# as TLS secrets, one kubectl call per item. Skipped when the typha-server
# secret lookup returned zero.
# The key material is passed to kubectl as file paths, so its contents do
# not appear in the command line.
# NOTE(review): nothing in this file removes the .key files from
# /etc/calico/certs after the secrets are created - confirm whether the
# on-disk copies are still needed, and how they are protected if so.
- name: Calico | Create typha tls secrets
  when: typha_server_secret.rc != 0
  command: >-
    {{ kubectl }} -n kube-system create secret tls {{ item.name }}
    --cert {{ item.cert }} --key {{ item.key }}
  with_items:
    # Server-side pair.
    - name: typha-server
      cert: /etc/calico/certs/typha-server.crt
      key: /etc/calico/certs/typha-server.key
    # Client-side pair.
    - name: typha-client
      cert: /etc/calico/certs/typha-client.crt
      key: /etc/calico/certs/typha-client.key