Reverted leftover tasks from cert rotation functionality.

This commit is contained in:
Raj Perera 2017-06-20 13:29:31 -04:00 committed by jwfang
parent a3760a8b84
commit 0816f620b9
6 changed files with 19 additions and 24 deletions

View file

@ -115,19 +115,8 @@ k8s_image_pull_policy: IfNotPresent
efk_enabled: false efk_enabled: false
enable_network_policy: false enable_network_policy: false
## List of authorization plugins that must be configured for ## List of authorization modes that must be configured for
## the k8s cluster. ## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
## 'RBAC' modes are tested.
authorization_mode: ['AlwaysAllow'] authorization_mode: ['AlwaysAllow']
rbac_enabled: "{{ 'RBAC' in authorization_mode }}" rbac_enabled: "{{ 'RBAC' in authorization_mode }}"
ssl_ca_dirs: "[
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
'/usr/share/ca-certificates',
{% elif ansible_os_family == 'RedHat' -%}
'/etc/pki/tls',
'/etc/pki/ca-trust',
{% elif ansible_os_family == 'Debian' -%}
'/usr/share/ca-certificates',
{% endif -%}
]"

View file

@ -47,4 +47,3 @@ spec:
- --logtostderr=true - --logtostderr=true
- --v=2 - --v=2
serviceAccountName: cluster-proportional-autoscaler serviceAccountName: cluster-proportional-autoscaler
serviceAccount: cluster-proportional-autoscaler

View file

@ -1,9 +1,4 @@
--- ---
- name: restart kubelet if secrets changed
command: /bin/true
when: secret_changed|d(False)
notify: restart kubelet
- name: restart kubelet - name: restart kubelet
command: /bin/true command: /bin/true
notify: notify:

View file

@ -1,4 +1,18 @@
--- ---
- name: install | Set SSL CA directories
set_fact:
ssl_ca_dirs: "[
{% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
'/usr/share/ca-certificates',
{% elif ansible_os_family == 'RedHat' -%}
'/etc/pki/tls',
'/etc/pki/ca-trust',
{% elif ansible_os_family == 'Debian' -%}
'/usr/share/ca-certificates',
{% endif -%}
]"
tags: facts
- include: "install_{{ kubelet_deployment_type }}.yml" - include: "install_{{ kubelet_deployment_type }}.yml"
- name: install | Write kubelet systemd init file - name: install | Write kubelet systemd init file

View file

@ -4,7 +4,3 @@
args: args:
creates: "/var/lib/cni" creates: "/var/lib/cni"
failed_when: false failed_when: false
- name: "Pre-upgrade | Make sure to restart kubelet if certificates changed"
command: /bin/true
notify: restart kubelet if secrets changed

View file

@ -136,6 +136,7 @@
- name: Gen_certs | Unpack certs on masters - name: Gen_certs | Unpack certs on masters
shell: "base64 -d < {{ cert_tempfile.stdout }} | tar xz -C {{ kube_cert_dir }}" shell: "base64 -d < {{ cert_tempfile.stdout }} | tar xz -C {{ kube_cert_dir }}"
no_log: true no_log: true
changed_when: false
check_mode: no check_mode: no
when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
inventory_hostname != groups['kube-master'][0] inventory_hostname != groups['kube-master'][0]
@ -153,6 +154,7 @@
args: args:
executable: /bin/bash executable: /bin/bash
no_log: true no_log: true
changed_when: false
check_mode: no check_mode: no
when: inventory_hostname in groups['kube-node'] and when: inventory_hostname in groups['kube-node'] and
sync_certs|default(false) and sync_certs|default(false) and