Merge pull request #1585 from mattymo/canal_upgrade
Fix upgrade for canal and apiserver cert
This commit is contained in:
commit
72a0d78b3c
3 changed files with 11 additions and 15 deletions
|
@ -8,18 +8,6 @@
|
|||
resource: "configmap"
|
||||
namespace: "{{system_namespace}}"
|
||||
|
||||
# FIXME: remove if kubernetes/features#124 is implemented
|
||||
- name: Purge old flannel and canal-node
|
||||
run_once: true
|
||||
kube:
|
||||
name: "canal-node"
|
||||
kubectl: "{{ bin_dir }}/kubectl"
|
||||
filename: "{{ kube_config_dir }}/canal-node.yaml"
|
||||
resource: "ds"
|
||||
namespace: "{{system_namespace}}"
|
||||
state: absent
|
||||
when: inventory_hostname == groups['kube-master'][0] and canal_node_manifest.changed
|
||||
|
||||
- name: Start flannel and calico-node
|
||||
run_once: true
|
||||
kube:
|
||||
|
|
|
@ -82,10 +82,13 @@ gen_key_and_cert() {
|
|||
|
||||
# Admins
|
||||
if [ -n "$MASTERS" ]; then
|
||||
# If any host requires new certs, just regenerate all master certs
|
||||
# kube-apiserver
|
||||
# Generate only if we don't have existing ca and apiserver certs
|
||||
if ! [ -e "$SSLDIR/ca-key.pem" ] || ! [ -e "$SSLDIR/apiserver-key.pem" ]; then
|
||||
gen_key_and_cert "apiserver" "/CN=kube-apiserver"
|
||||
cat ca.pem >> apiserver.pem
|
||||
fi
|
||||
# If any host requires new certs, just regenerate scheduler and controller-manager master certs
|
||||
# kube-scheduler
|
||||
gen_key_and_cert "kube-scheduler" "/CN=system:kube-scheduler"
|
||||
# kube-controller-manager
|
||||
|
|
|
@ -3,6 +3,7 @@ kind: DaemonSet
|
|||
apiVersion: extensions/v1beta1
|
||||
metadata:
|
||||
name: canal-node
|
||||
namespace: {{ system_namespace }}
|
||||
labels:
|
||||
k8s-app: canal-node
|
||||
spec:
|
||||
|
@ -180,3 +181,7 @@ spec:
|
|||
- name: "canal-certs"
|
||||
mountPath: "{{ canal_cert_dir }}"
|
||||
readOnly: true
|
||||
updateStrategy:
|
||||
rollingUpdate:
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
|
|
Loading…
Reference in a new issue