C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove node name from kube-proxy and admin certificates

Browse source
This commit is contained in:
mkrasilnikov 2017-09-05 14:40:26 +03:00
parent b930b0ef5a
commit 957b7115fe
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/kubernetes/secrets/tasks/gen_certs_vault.yml
View file

@ -8,7 +8,7 @@
# Issue admin certs to kube-master hosts # Issue admin certs to kube-master hosts
- include: ../../../vault/tasks/shared/issue_cert.yml - include: ../../../vault/tasks/shared/issue_cert.yml
vars: vars:
issue_cert_common_name: "admin:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}" issue_cert_common_name: "admin"
issue_cert_copy_ca: "{{ item == kube_admin_certs_needed|first }}" issue_cert_copy_ca: "{{ item == kube_admin_certs_needed|first }}"
issue_cert_file_group: "{{ kube_cert_group }}" issue_cert_file_group: "{{ kube_cert_group }}"
issue_cert_file_owner: kube issue_cert_file_owner: kube
@ -80,7 +80,7 @@
# Issue proxy certs to k8s-cluster nodes # Issue proxy certs to k8s-cluster nodes
- include: ../../../vault/tasks/shared/issue_cert.yml - include: ../../../vault/tasks/shared/issue_cert.yml
vars: vars:
issue_cert_common_name: "system:kube-proxy:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}" issue_cert_common_name: "system:kube-proxy"
issue_cert_copy_ca: "{{ item == kube_proxy_certs_needed|first }}" issue_cert_copy_ca: "{{ item == kube_proxy_certs_needed|first }}"
issue_cert_file_group: "{{ kube_cert_group }}" issue_cert_file_group: "{{ kube_cert_group }}"
issue_cert_file_owner: kube issue_cert_file_owner: kube

2
roles/vault/tasks/bootstrap/main.yml
View file

@ -6,7 +6,7 @@
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault
- include: ../shared/find_leader.yml - include: ../shared/find_leader.yml
when: inventory_hostname in groups.vault and vault_cluster_is_initialized|d() when: inventory_hostname in groups.vault and vault_cluster_is_initialized
- include: sync_vault_certs.yml - include: sync_vault_certs.yml
when: inventory_hostname in groups.vault when: inventory_hostname in groups.vault