--- - name: sync_kube_node_certs | Create list of needed certs set_fact: kube_node_cert_list: "{{ kube_node_cert_list|default([]) + ['node-' + item + '.pem'] }}" with_items: "{{ groups['k8s-cluster'] }}" - include: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" sync_file_hosts: "{{ groups['k8s-cluster'] }}" sync_file_is_cert: true sync_file_owner: kube with_items: "{{ kube_node_cert_list|default([]) }}" - name: sync_kube_node_certs | Set facts for kube-master sync_file results set_fact: kube_node_certs_needed: "{{ kube_node_certs_needed|default([]) + [item.path] }}" with_items: "{{ sync_file_results|d([]) }}" when: item.no_srcs|bool - name: sync_kube_node_certs | Unset sync_file_results after kube node certs set_fact: sync_file_results: [] - include: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: ca.pem sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" sync_file_hosts: "{{ groups['k8s-cluster'] }}" sync_file_owner: kube - name: sync_kube_node_certs | Unset sync_file_results after ca.pem set_fact: sync_file_results: [] - name: sync_kube_node_certs | Create list of needed kube-proxy certs set_fact: kube_proxy_cert_list: "{{ kube_proxy_cert_list|default([]) + ['kube-proxy-' + item + '.pem'] }}" with_items: "{{ groups['k8s-cluster'] }}" - include: ../../../vault/tasks/shared/sync_file.yml vars: sync_file: "{{ item }}" sync_file_dir: "{{ kube_cert_dir }}" sync_file_group: "{{ kube_cert_group }}" sync_file_hosts: "{{ groups['k8s-cluster'] }}" sync_file_owner: kube with_items: "{{ kube_proxy_cert_list|default([]) }}" - name: sync_kube_node_certs | Set facts for kube-proxy sync_file results set_fact: kube_proxy_certs_needed: "{{ kube_proxy_certs_needed|default([]) + [item.path] }}" with_items: "{{ sync_file_results|d([]) }}" when: item.no_srcs|bool - name: sync_kube_node_certs | Unset sync_file_results after kube proxy certs set_fact: sync_file_results: []