Stop using kubeadm to update server in kubeconfigs (#7338)
Using `kubeadm init phase kubeconfig all` breaks kubelet client certificate rotation
as we are missing `kubeadm init phase kubelet-finalize all` to point to `kubelet-client-current.pem`
kubeconfig format is stable so let's just use lineinfile,
this will avoid other future breakage
This reverts to the logic before 6fe2248314
Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
parent
e442b1d2b9
commit
c9c0c01de0
1 changed files with 5 additions and 34 deletions
|
@ -1,34 +1,11 @@
|
||||||
---
|
---
|
||||||
- name: Test if correct apiserver is set in all kubeconfigs
|
|
||||||
shell: >-
|
|
||||||
grep -Fq "{{ kube_apiserver_endpoint }}" {{ kube_config_dir }}/admin.conf &&
|
|
||||||
grep -Fq "{{ kube_apiserver_endpoint }}" {{ kube_config_dir }}/controller-manager.conf &&
|
|
||||||
grep -Fq "{{ kube_apiserver_endpoint }}" {{ kube_config_dir }}/kubelet.conf &&
|
|
||||||
grep -Fq "{{ kube_apiserver_endpoint }}" {{ kube_config_dir }}/scheduler.conf
|
|
||||||
register: kubeconfig_correct_apiserver
|
|
||||||
changed_when: False
|
|
||||||
failed_when: False
|
|
||||||
|
|
||||||
- name: Create temporary directory
|
- name: Update server field in component kubeconfigs
|
||||||
tempfile:
|
lineinfile:
|
||||||
state: directory
|
|
||||||
register: kubeconfig_temp_dir
|
|
||||||
when: kubeconfig_correct_apiserver.rc != 0
|
|
||||||
|
|
||||||
- name: Generate new kubeconfigs with correct apiserver
|
|
||||||
command: >-
|
|
||||||
{{ bin_dir }}/kubeadm init phase kubeconfig all
|
|
||||||
--config {{ kube_config_dir }}/kubeadm-config.yaml
|
|
||||||
--kubeconfig-dir {{ kubeconfig_temp_dir.path }}
|
|
||||||
when: kubeconfig_correct_apiserver.rc != 0
|
|
||||||
|
|
||||||
- name: Copy new kubeconfigs to kube config dir
|
|
||||||
copy:
|
|
||||||
src: "{{ kubeconfig_temp_dir.path }}/{{ item }}"
|
|
||||||
dest: "{{ kube_config_dir }}/{{ item }}"
|
dest: "{{ kube_config_dir }}/{{ item }}"
|
||||||
mode: 0640
|
regexp: '^ server: https'
|
||||||
remote_src: yes
|
line: ' server: {{ kube_apiserver_endpoint }}'
|
||||||
when: kubeconfig_correct_apiserver.rc != 0
|
backup: yes
|
||||||
with_items:
|
with_items:
|
||||||
- admin.conf
|
- admin.conf
|
||||||
- controller-manager.conf
|
- controller-manager.conf
|
||||||
|
@ -38,9 +15,3 @@
|
||||||
- "Master | Restart kube-controller-manager"
|
- "Master | Restart kube-controller-manager"
|
||||||
- "Master | Restart kube-scheduler"
|
- "Master | Restart kube-scheduler"
|
||||||
- "Master | reload kubelet"
|
- "Master | reload kubelet"
|
||||||
|
|
||||||
- name: Cleanup temporary directory
|
|
||||||
file:
|
|
||||||
path: "{{ kubeconfig_temp_dir.path }}"
|
|
||||||
state: absent
|
|
||||||
when: kubeconfig_correct_apiserver.rc != 0
|
|
||||||
|
|
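Review bot: `backup: yes` on the new `lineinfile` task leaves a timestamped copy of each kubeconfig next to the original whenever the server line is rewritten, and kubeadm-generated files such as admin.conf typically embed client credentials, so stale copies of that material would accumulate in `{{ kube_config_dir }}` with nothing in the visible tasks removing them. I would drop `backup: yes`, or keep it with a cleanup task and a comment saying why the copies are needed. Separately, when `regexp` matches nothing, `lineinfile` appends `line` at the end of the file, which would leave a stray server entry in the kubeconfig; adding `backrefs: yes` makes the task leave the file unchanged in that case. The `with_items` list and the `notify` block continue outside the visible hunks, so this covers only the lines shown.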