From e7fad8224db994d9b4d421d030d55f8e6dd70c6e Mon Sep 17 00:00:00 2001
From: Etienne Champetier
Date: Mon, 12 Apr 2021 12:47:45 -0400
Subject: [PATCH] Add auto_renew_certificates_systemd_calendar (#7490)
This allow to configure when K8S certificates renewal runs
Signed-off-by: Etienne Champetier
(cherry picked from commit bf6a39eb841edbd86c92f747b87bffe836121946)
Conflicts:
inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
roles/kubernetes/master/defaults/main/main.yml
roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
---
 inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml | 2 ++
 roles/kubernetes/master/defaults/main/main.yml | 2 ++
 roles/kubernetes/master/templates/k8s-certs-renew.timer.j2 | 3 +--
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 38b3b37a6..57de2b7a2 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -313,3 +313,5 @@ event_ttl_duration: "1h0m0s"
 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00"
diff --git a/roles/kubernetes/master/defaults/main/main.yml b/roles/kubernetes/master/defaults/main/main.yml
index c671326dd..0233e5142 100644
--- a/roles/kubernetes/master/defaults/main/main.yml
+++ b/roles/kubernetes/master/defaults/main/main.yml
@@ -197,3 +197,5 @@ event_ttl_duration: "1h0m0s"
 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00"
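Review bot: The minute field of the new value, `03:{{ groups['kube-master'].index(inventory_hostname) }}0:00`, renders as `60` for the seventh host in `kube-master` (index 6) and as three digits from index 10 on, and neither is a valid minute. On such a node the timer would presumably be rejected and the control plane certificates would never be renewed automatically. The same expression is the active default in roles/kubernetes/master/defaults/main/main.yml. Wrapping the offset keeps it valid, for example `03:{{ '%02d' | format((groups['kube-master'].index(inventory_hostname) * 10) % 60) }}:00`. The expression predates this commit in the timer template, but it is now the value users copy from the sample.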
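Review bot: The comment `# First Monday of each month` on the new default does not say that the minute part staggers the control plane nodes ten minutes apart by their position in `kube-master`, so someone overriding the variable with a fixed time would make every node renew at the same moment. A comment such as `# systemd OnCalendar expression; the default offsets each control plane node by 10 minutes so renewals do not coincide` would keep that visible. The heading above it, `## Automatically renew K8S control plane certificates on first Monday of each month`, now describes only the default schedule and could say so. The same two comments appear in the sample inventory hunk.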
diff --git a/roles/kubernetes/master/templates/k8s-certs-renew.timer.j2 b/roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
index c5fe117e8..904f0073c 100644
--- a/roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
+++ b/roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
@@ -2,8 +2,7 @@ Description=Timer to renew K8S control plane certificates
 [Timer]
-# First Monday of each month
-OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube-master'].index(inventory_hostname) }}0:00
+OnCalendar={{ auto_renew_certificates_systemd_calendar }}
 [Install]
 WantedBy=multi-user.target
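Review bot: `OnCalendar={{ auto_renew_certificates_systemd_calendar }}` writes the user-supplied value into the unit without any check, so a typo in the calendar expression leaves a timer that systemd will not schedule, and the first sign may be expired control plane certificates. The task that renders this template is outside the diff; it could run `systemd-analyze calendar "{{ auto_renew_certificates_systemd_calendar }}"` with `changed_when: false` before templating and fail the play on a non-zero exit. The value should also be a single line, since anything after a line break would be read as a further directive in the `[Timer]` section.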