c12s-kubespray/roles/kubernetes/master/tasks/kubeadm-certificate.yml
Matthew Mosesohn db5040e6ea Set certs and files with kubeadm token to mode 0640 (#5325)
Change-Id: I298496e55a6889c158b2085fcadeda5e679a873e
2019-11-11 05:41:41 -08:00

15 lines
618 B
YAML

---
- name: Backup old certs and keys
copy:
src: "{{ kube_cert_dir }}/{{ item.src }}"
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
mode: 0640
remote_src: yes
with_items:
- {src: apiserver.crt, dest: apiserver.crt.old}
- {src: apiserver.key, dest: apiserver.key.old}
- {src: apiserver-kubelet-client.crt, dest: apiserver-kubelet-client.crt.old}
- {src: apiserver-kubelet-client.key, dest: apiserver-kubelet-client.key.old}
- {src: front-proxy-client.crt, dest: front-proxy-client.crt.old}
- {src: front-proxy-client.key, dest: front-proxy-client.key.old}
ignore_errors: yes