Reverted leftover tasks from cert rotation functionality.

2017-06-20 13:29:31 -04:00 · 2017-06-20 13:29:31 -04:00 · 41298ccea5
commit 41298ccea5
parent d2131a8652
6 changed files with 19 additions and 24 deletions
--- a/roles/kargo-defaults/defaults/main.yaml
+++ b/roles/kargo-defaults/defaults/main.yaml
@ -115,19 +115,8 @@ k8s_image_pull_policy: IfNotPresent
 efk_enabled: false
 enable_network_policy: false
-## List of authorization plugins that must be configured for
+## List of authorization modes that must be configured for
-## the k8s cluster.
+## the k8s cluster. Only 'AlwaysAllow','AlwaysDeny', and
 ## 'RBAC' modes are tested.
 authorization_mode: ['AlwaysAllow']
 rbac_enabled: "{{ 'RBAC' in authorization_mode }}"
 ssl_ca_dirs: "[
      {% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
      '/usr/share/ca-certificates',
      {% elif ansible_os_family == 'RedHat' -%}
      '/etc/pki/tls',
      '/etc/pki/ca-trust',
      {% elif ansible_os_family == 'Debian' -%}
      '/usr/share/ca-certificates',
      {% endif -%}
    ]"
--- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml
@ -47,4 +47,3 @@ spec:
          - --logtostderr=true
          - --v=2
      serviceAccountName: cluster-proportional-autoscaler
      serviceAccount: cluster-proportional-autoscaler
--- a/roles/kubernetes/node/handlers/main.yml
+++ b/roles/kubernetes/node/handlers/main.yml
@ -1,9 +1,4 @@
 ---
 - name: restart kubelet if secrets changed
  command: /bin/true
  when: secret_changed|d(False)
  notify: restart kubelet
 - name: restart kubelet
  command: /bin/true
  notify:
--- a/roles/kubernetes/node/tasks/install.yml
+++ b/roles/kubernetes/node/tasks/install.yml
@ -1,4 +1,18 @@
 ---
 - name: install | Set SSL CA directories
  set_fact:
    ssl_ca_dirs: "[
      {% if ansible_os_family in ['CoreOS', 'Container Linux by CoreOS'] -%}
      '/usr/share/ca-certificates',
      {% elif ansible_os_family == 'RedHat' -%}
      '/etc/pki/tls',
      '/etc/pki/ca-trust',
      {% elif ansible_os_family == 'Debian' -%}
      '/usr/share/ca-certificates',
      {% endif -%}
    ]"
  tags: facts
 - include: "install_{{ kubelet_deployment_type }}.yml"
 - name: install | Write kubelet systemd init file
--- a/roles/kubernetes/node/tasks/pre_upgrade.yml
+++ b/roles/kubernetes/node/tasks/pre_upgrade.yml
@ -4,7 +4,3 @@
  args:
    creates: "/var/lib/cni"
  failed_when: false
 - name: "Pre-upgrade | Make sure to restart kubelet if certificates changed"
  command: /bin/true
  notify: restart kubelet if secrets changed
--- a/roles/kubernetes/secrets/tasks/gen_certs_script.yml
+++ b/roles/kubernetes/secrets/tasks/gen_certs_script.yml
@ -136,6 +136,7 @@
 - name: Gen_certs | Unpack certs on masters
  shell: "base64 -d < {{ cert_tempfile.stdout }} | tar xz -C {{ kube_cert_dir }}"
  no_log: true
  changed_when: false
  check_mode: no
  when: inventory_hostname in groups['kube-master'] and sync_certs|default(false) and
        inventory_hostname != groups['kube-master'][0]
@ -153,6 +154,7 @@
  args:
    executable: /bin/bash
  no_log: true
  changed_when: false
  check_mode: no
  when: inventory_hostname in groups['kube-node'] and
        sync_certs|default(false) and