42 lines
1.4 KiB
YAML
42 lines
1.4 KiB
YAML
---
|
|
#- name: Get create ca cert script from Kubernetes
|
|
# get_url:
|
|
# url=https://raw.githubusercontent.com/GoogleCloudPlatform/kubernetes/master/cluster/saltbase/salt/generate-cert/make-ca-cert.sh
|
|
# dest={{ kube_script_dir }}/make-ca-cert.sh mode=0500
|
|
# force=yes
|
|
|
|
- name: certs | install cert generation script
|
|
copy:
|
|
src=make-ca-cert.sh
|
|
dest={{ kube_script_dir }}
|
|
mode=0500
|
|
changed_when: false
|
|
|
|
# FIXME This only generates a cert for one master...
|
|
- name: certs | run cert generation script
|
|
command:
|
|
"{{ kube_script_dir }}/make-ca-cert.sh {{ inventory_hostname }}"
|
|
args:
|
|
creates: "{{ kube_cert_dir }}/server.crt"
|
|
environment:
|
|
MASTER_IP: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
|
|
MASTER_NAME: "{{ inventory_hostname }}"
|
|
DNS_DOMAIN: "{{ dns_domain }}"
|
|
SERVICE_CLUSTER_IP_RANGE: "{{ kube_service_addresses }}"
|
|
CERT_DIR: "{{ kube_cert_dir }}"
|
|
CERT_GROUP: "{{ kube_cert_group }}"
|
|
|
|
- name: certs | check certificate permissions
|
|
file:
|
|
path={{ item }}
|
|
group={{ kube_cert_group }}
|
|
owner=kube
|
|
mode=0440
|
|
with_items:
|
|
- "{{ kube_cert_dir }}/ca.crt"
|
|
- "{{ kube_cert_dir }}/server.crt"
|
|
- "{{ kube_cert_dir }}/server.key"
|
|
- "{{ kube_cert_dir }}/kubecfg.crt"
|
|
- "{{ kube_cert_dir }}/kubecfg.key"
|
|
- "{{ kube_cert_dir }}/kubelet.crt"
|
|
- "{{ kube_cert_dir }}/kubelet.key"
|