C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix cinder & external_openstack cacert deployment (#6745) (#6832)

Browse source 
The CA cert was only deployed on master nodes
This commit is contained in:
bozzo 2020-10-21 10:48:20 +02:00 committed by GitHub
parent 775cadda62
commit 087d9c204f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 34 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml Normal file
View file

@ -0,0 +1,12 @@
---
# include to workaround mitogen issue
# https://github.com/dw/mitogen/issues/663
- name: Cinder CSI Driver | Write cacert file
copy:
src: "{{ cinder_cacert }}"
dest: "{{ kube_config_dir }}/cinder-cacert.pem"
group: "{{ kube_cert_group }}"
mode: 0640
tags: cinder-csi-driver
delegate_to: "{{ delegate_host_to_write_cacert }}"

10
roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
View file

@ -3,11 +3,11 @@
tags: cinder-csi-driver tags: cinder-csi-driver
- name: Cinder CSI Driver | Write cacert file - name: Cinder CSI Driver | Write cacert file
copy: include_tasks: cinder-write-cacert.yml
src: "{{ cinder_cacert }}" run_once: true
dest: "{{ kube_config_dir }}/cinder-cacert.pem" loop: "{{ groups['k8s-cluster'] }}"
group: "{{ kube_cert_group }}" loop_control:
mode: 0640 loop_var: delegate_host_to_write_cacert
when: when:
- inventory_hostname in groups['k8s-cluster'] - inventory_hostname in groups['k8s-cluster']
- cinder_cacert is defined - cinder_cacert is defined

10
roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
View file

@ -3,11 +3,11 @@
tags: external-openstack tags: external-openstack
- name: External OpenStack Cloud Controller | Write cacert file - name: External OpenStack Cloud Controller | Write cacert file
copy: include_tasks: openstack-write-cacert.yml
src: "{{ external_openstack_cacert }}" run_once: true
dest: "{{ kube_config_dir }}/external-openstack-cacert.pem" loop: "{{ groups['k8s-cluster'] }}"
group: "{{ kube_cert_group }}" loop_control:
mode: 0640 loop_var: delegate_host_to_write_cacert
when: when:
- inventory_hostname in groups['k8s-cluster'] - inventory_hostname in groups['k8s-cluster']
- external_openstack_cacert is defined - external_openstack_cacert is defined

12
roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-write-cacert.yml Normal file
View file

@ -0,0 +1,12 @@
---
# include to workaround mitogen issue
# https://github.com/dw/mitogen/issues/663
- name: External OpenStack Cloud Controller | Write cacert file
copy:
src: "{{ external_openstack_cacert }}"
dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
group: "{{ kube_cert_group }}"
mode: 0640
tags: external-openstack
delegate_to: "{{ delegate_host_to_write_cacert }}"