7cf6f3f3e1
* add CI test for auto_renew_certificates
* change timer value
fix typo error in rotate cert script
(cherry picked from commit cce0940e1f)
Conflicts:
roles/kubernetes/master/templates/k8s-certs-renew.timer.j2
24 lines
1.1 KiB
Django/Jinja
24 lines
1.1 KiB
Django/Jinja
#!/bin/bash
|
|
|
|
echo "## Expiration before renewal ##"
|
|
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs check-expiration
|
|
|
|
echo "## Renewing certificates managed by kubeadm ##"
|
|
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs renew all
|
|
|
|
echo "## Restarting control plane pods managed by kubeadm ##"
|
|
{% if container_manager == "docker" %}
|
|
{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs {{ docker_bin_dir }}/docker rm -f
|
|
{% else %}
|
|
{{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs {{ bin_dir }}/crictl rmp -f
|
|
{% endif %}
|
|
|
|
echo "## Updating /root/.kube/config ##"
|
|
/usr/bin/cp {{ kube_config_dir }}/admin.conf /root/.kube/config
|
|
|
|
echo "## Waiting for apiserver to be up again ##"
|
|
until printf "" 2>>/dev/null >>/dev/tcp/127.0.0.1/6443; do sleep 1; done
|
|
|
|
echo "## Expiration after renewal ##"
|
|
{{ bin_dir }}/kubeadm {{ 'alpha ' if kube_version is version('v1.20.0', '<') else '' }}certs check-expiration
|