Skip to content

Commit

Permalink
Fixup kubelet.conf to point to kubelet-client-current.pem (kubernetes…
Browse files Browse the repository at this point in the history 
…-sigs#7347)

c9c0c01 only fix the problem for new clusters

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
  • Loading branch information
@champtar @LuckySB
champtar authored and LuckySB committed Apr 6, 2021
1 parent 7a9a67f commit dbdde9c
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 0 deletions.
18 changes: 18 additions & 0 deletions roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
---
- name: Fixup kubelet client cert rotation 1/2
lineinfile:
path: "{{ kube_config_dir }}/kubelet.conf"
regexp: '^ client-certificate-data: '
line: ' client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
backup: yes
notify:
- "Master | reload kubelet"

- name: Fixup kubelet client cert rotation 2/2
lineinfile:
path: "{{ kube_config_dir }}/kubelet.conf"
regexp: '^ client-key-data: '
line: ' client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
backup: yes
notify:
- "Master | reload kubelet"
6 changes: 6 additions & 0 deletions roles/kubernetes/control-plane/tasks/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,3 +70,9 @@
- name: Include kubeadm secondary server apiserver fixes
include_tasks: kubeadm-fix-apiserver.yml
when: kubeadm_enabled|bool|default(false)

- name: Include kubelet client cert rotation fixes
include_tasks: kubelet-fix-client-cert-rotation.yml
when:
- kubelet_rotate_certificates
- kubeadm_enabled|bool|default(false)

0 comments on commit dbdde9c

Please sign in to comment.