c12s-kubespray/roles/kubernetes/secrets/tasks/gen_tokens.yml
Smana 91fca69aa0 generate secrets on deployment machine
test travis with sudo=true instead of required
2016-02-13 06:51:54 +01:00

30 lines
981 B
YAML

---
- name: tokens | generate tokens for master components
sudo: False
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ role_path }}/files/tokens"
with_nested:
- [ "system:kubectl" ]
- "{{ groups['kube-master'] }}"
register: gentoken_master
changed_when: "'Added' in gentoken_master.stdout"
notify: set secret_changed
- name: tokens | generate tokens for node components
sudo: False
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ role_path }}/files/tokens"
with_nested:
- [ 'system:kubelet' ]
- "{{ groups['kube-node'] }}"
register: gentoken_node
changed_when: "'Added' in gentoken_node.stdout"
notify: set secret_changed
- name: tokens | Copy tokens on master
copy:
src: "tokens"
dest: "/etc/kubernetes"
when: inventory_hostname in "{{ groups['kube-master'] }}"