efa180392b
While at it remove force_certificate_regeneration This boolean only forced the renewal of the apiserver certs Either manually use k8s-certs-renew.sh or set auto_renew_certificates Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
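#!/bin/bash
# Renews all certificates managed by kubeadm on this host, force-removes the
# control plane pods (the script labels this a restart; presumably the kubelet
# recreates them), refreshes root's kubeconfig and waits until the apiserver
# port accepts connections again.
#
# This file is a Jinja template: bin_dir, docker_bin_dir, kube_config_dir and
# container_manager are substituted when it is rendered.

echo "## Expiration before renewal ##"
{{ bin_dir }}/kubeadm certs check-expiration

echo "## Renewing certificates managed by kubeadm ##"
# Stop when renewal fails: removing the control plane pods and overwriting the
# kubeconfig after a failed renewal only adds downtime and hides the failure
# from whatever scheduled this script.
if ! {{ bin_dir }}/kubeadm certs renew all; then
  echo "## Certificate renewal failed, control plane pods left untouched ##" >&2
  exit 1
fi

echo "## Restarting control plane pods managed by kubeadm ##"
# xargs -r: skip the removal when no pod matched, instead of invoking the
# remove command with no arguments.
{% if container_manager == "docker" %}
{{ docker_bin_dir }}/docker ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs -r {{ docker_bin_dir }}/docker rm -f
{% else %}
{{ bin_dir }}/crictl pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs -r {{ bin_dir }}/crictl rmp -f
{% endif %}

echo "## Updating /root/.kube/config ##"
# NOTE(review): admin.conf normally carries cluster-admin credentials; confirm
# that /root/.kube/config ends up readable by root only after this copy.
/usr/bin/cp {{ kube_config_dir }}/admin.conf /root/.kube/config

echo "## Waiting for apiserver to be up again ##"
# Opens a TCP connection to 127.0.0.1:6443 through bash's /dev/tcp and retries
# every second until it succeeds.
# NOTE(review): there is no upper bound, so the script blocks forever if the
# apiserver never comes back; a successful connect only shows that the port is
# listening, not that the renewed certificate is being served.
until printf "" 2>>/dev/null >>/dev/tcp/127.0.0.1/6443; do sleep 1; done

echo "## Expiration after renewal ##"
{{ bin_dir }}/kubeadm certs check-expiration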