Merge pull request #2585 from georgejdli/fix-sa-token-signing

check if dedicated service account token signing key exists
2018-04-02 14:23:49 -05:00 · 2018-04-02 14:23:49 -05:00 · 6f3ff70b17
commit 6f3ff70b17
parent cac2196ad5 76bb5f8d75
1 changed files with 3 additions and 1 deletions
--- a/roles/kubernetes/secrets/tasks/check-certs.yml
+++ b/roles/kubernetes/secrets/tasks/check-certs.yml
@ -50,6 +50,7 @@
       '{{ kube_cert_dir }}/kube-controller-manager-key.pem',
       '{{ kube_cert_dir }}/front-proxy-client.pem',
       '{{ kube_cert_dir }}/front-proxy-client-key.pem',
+       '{{ kube_cert_dir }}/service-account-key.pem',
       {% for host in groups['kube-master'] %}
       '{{ kube_cert_dir }}/admin-{{ host }}.pem'
       '{{ kube_cert_dir }}/admin-{{ host }}-key.pem'
@ -71,7 +72,8 @@
      {% for cert in ['apiserver.pem', 'apiserver-key.pem',
                      'kube-scheduler.pem','kube-scheduler-key.pem',
                      'kube-controller-manager.pem','kube-controller-manager-key.pem',
-                      'front-proxy-client.pem','front-proxy-client-key.pem'] -%}
+                      'front-proxy-client.pem','front-proxy-client-key.pem',
+                      'service-account-key.pem'] -%}
        {% set cert_file = "%s/%s.pem"|format(kube_cert_dir, cert) %}
        {% if not cert_file in existing_certs -%}
        {%- set gen = True -%}