5834e609a6
* Add scale master features * Add certificate management with kubeadm * Add kubeadm kubeconfig * Fix ymalroles error * fix upgrade cluster fialed * force update cert and keys when you reconfigure cluster
42 lines
1.5 KiB
YAML
42 lines
1.5 KiB
YAML
---
|
|
- name: Backup old certs and keys
|
|
copy:
|
|
src: "{{ kube_cert_dir }}/{{ item.src }}"
|
|
dest: "{{ kube_cert_dir }}/{{ item.dest }}"
|
|
remote_src: yes
|
|
with_items:
|
|
- {src: apiserver.crt, dest: apiserver.crt.old}
|
|
- {src: apiserver.key, dest: apiserver.key.old}
|
|
- {src: apiserver-kubelet-client.crt, dest: apiserver-kubelet-client.crt.old}
|
|
- {src: apiserver-kubelet-client.key, dest: apiserver-kubelet-client.key.old}
|
|
- {src: front-proxy-client.crt, dest: front-proxy-client.crt.old}
|
|
- {src: front-proxy-client.key, dest: front-proxy-client.key.old}
|
|
ignore_errors: yes
|
|
|
|
- name: Remove old certs and keys
|
|
file:
|
|
path: "{{ kube_cert_dir }}/{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- apiserver.crt
|
|
- apiserver.key
|
|
- apiserver-kubelet-client.crt
|
|
- apiserver-kubelet-client.key
|
|
- front-proxy-client.crt
|
|
- front-proxy-client.key
|
|
|
|
- name: Generate new certs and keys
|
|
command: "{{ bin_dir }}/kubeadm init phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
|
|
with_items:
|
|
- apiserver
|
|
- apiserver-kubelet-client
|
|
- front-proxy-client
|
|
when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '>=')
|
|
|
|
- name: Generate new certs and keys
|
|
command: "{{ bin_dir }}/kubeadm alpha phase certs {{ item }} --config={{ kube_config_dir }}/kubeadm-config.yaml"
|
|
with_items:
|
|
- apiserver
|
|
- apiserver-kubelet-client
|
|
- front-proxy-client
|
|
when: inventory_hostname == groups['kube-master']|first and kubeadm_version is version('v1.13.0', '<')
|