C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add CI test for auto_renew_certificates (#7472)

Browse source 
* add CI test for auto_renew_certificates

* change timer value

fix typo error in rotate cert script

(cherry picked from commit cce0940e1f)

Conflicts:
	roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
This commit is contained in:
Sergey 2021-04-09 10:42:47 +03:00 committed by Kubernetes Prow Robot
parent 383b2fcb4e
commit 7cf6f3f3e1
13 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
roles/kubernetes/master/templates/k8s-certs-renew.sh.j2
View file

@ -8,7 +8,7 @@ echo "## Renewing certificates managed by kubeadm ##"
echo "## Restarting control plane pods managed by kubeadm ##" echo "## Restarting control plane pods managed by kubeadm ##"
{% if container_manager == "docker" %} {% if container_manager == "docker" %}
{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f" {{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f
{% else %} {% else %}
{{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs {{ bin_dir }}/crictl rmp -f {{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs {{ bin_dir }}/crictl rmp -f
{% endif %} {% endif %}

2
roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
View file

@ -3,7 +3,7 @@ Description=Timer to renew K8S control plane certificates
[Timer] [Timer]
# First Monday of each month # First Monday of each month
OnCalendar=Mon *-*-1..7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00 OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

2
tests/files/packet_centos7-calico-ha-once-localhost.yml
View file

@ -13,3 +13,5 @@ typha_enabled: true
calico_backend: kdd calico_backend: kdd
typha_secure: true typha_secure: true
disable_ipv6_dns: true disable_ipv6_dns: true
auto_renew_certificates: true

2
tests/files/packet_centos7-calico-ha.yml
View file

@ -12,3 +12,5 @@ dns_min_replicas: 1
typha_enabled: true typha_enabled: true
calico_backend: kdd calico_backend: kdd
typha_secure: true typha_secure: true
auto_renew_certificates: true

2
tests/files/packet_centos8-crio.yml
View file

@ -13,3 +13,5 @@ etcd_deployment_type: host
# required # required
calico_iptables_backend: "Auto" calico_iptables_backend: "Auto"
auto_renew_certificates: true

2
tests/files/packet_debian10-containerd.yml
View file

@ -14,3 +14,5 @@ helm_enabled: true
# https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42 # https://gitlab.com/miouge/kubespray-ci/-/blob/a4fd5ed6857807f1c353cb60848aedebaf7d2c94/manifests/http-proxy.yml#L42
http_proxy: http://172.30.30.30:8888 http_proxy: http://172.30.30.30:8888
https_proxy: http://172.30.30.30:8888 https_proxy: http://172.30.30.30:8888
auto_renew_certificates: true

2
tests/files/packet_debian9-macvlan.yml
View file

@ -10,3 +10,5 @@ enable_nodelocaldns: false
dns_min_replicas: 1 dns_min_replicas: 1
kube_proxy_masquerade_all: true kube_proxy_masquerade_all: true
macvlan_interface: "eth0" macvlan_interface: "eth0"
auto_renew_certificates: true

2
tests/files/packet_fedora33-calico.yml
View file

@ -10,3 +10,5 @@ kube_network_plugin: calico
# Only docker package 20.10 for Fedora33 # Only docker package 20.10 for Fedora33
docker_version: '20.10' docker_version: '20.10'
auto_renew_certificates: true

2
tests/files/packet_opensuse-canal.yml
View file

@ -11,3 +11,5 @@ dns_min_replicas: 1
# test Ambassador # test Ambassador
ingress_ambassador_enabled: true ingress_ambassador_enabled: true
auto_renew_certificates: true

2
tests/files/packet_oracle7-canal-ha.yml
View file

@ -9,3 +9,5 @@ kube_network_plugin: canal
dynamic_kubelet_configuration: true dynamic_kubelet_configuration: true
deploy_netchecker: true deploy_netchecker: true
dns_min_replicas: 1 dns_min_replicas: 1
auto_renew_certificates: true

2
tests/files/packet_ubuntu16-weave-sep.yml
View file

@ -7,3 +7,5 @@ mode: separate
kube_network_plugin: weave kube_network_plugin: weave
deploy_netchecker: true deploy_netchecker: true
dns_min_replicas: 1 dns_min_replicas: 1
auto_renew_certificates: true

2
tests/files/packet_ubuntu18-cilium-sep.yml
View file

@ -8,3 +8,5 @@ kube_network_plugin: cilium
deploy_netchecker: true deploy_netchecker: true
enable_network_policy: true enable_network_policy: true
dns_min_replicas: 1 dns_min_replicas: 1
auto_renew_certificates: true

2
tests/files/packet_ubuntu20-calico-aio.yml
View file

@ -12,3 +12,5 @@ dns_min_replicas: 1
# Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
kube_proxy_mode: iptables kube_proxy_mode: iptables
enable_nodelocaldns: False enable_nodelocaldns: False
auto_renew_certificates: true