
Update master role to talk to etcd over HTTPS
Signed-off-by: Alexander Brand <alexbrand09@gmail.com>
alexbrand committed Feb 26, 2019
1 parent 1cfbd61 commit e6f3727
Showing 2 changed files with 30 additions and 0 deletions.
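--- a/ansible/roles/kubernetes-master/defaults/main.yml
+++ b/ansible/roles/kubernetes-master/defaults/main.yml
@@ -8,3 +8,6 @@ kubernetes_master_kubeadm_config:
 apiServerCertSANs: "{{ kubernetes_common_api_ip | kube_lookup_hostname(kubernetes_common_api_fqdn, True) }}"
 etcd:
 endpoints: "{{ etcd_client_endpoints }}"
+caFile: "/etc/kubernetes/pki/etcd/ca.crt"
+certFile: "/etc/kubernetes/pki/apiserver-etcd-client.crt"
+keyFile: "/etc/kubernetes/pki/apiserver-etcd-client.key"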
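Review bot: The three new TLS paths under `etcd:` carry no comment tying them to the scheme of `etcd_client_endpoints`, which is defined outside this hunk. If that variable still renders `http://` URLs, the CA and client certificate settings presumably will not give an authenticated, encrypted connection. The same paths are also hard-coded in the slurp and copy tasks of `tasks/main.yml`, so a change in one place can silently drift from the other. I would add a comment above `caFile` such as `# etcd_client_endpoints must be https:// URLs; these files are copied from the first etcd host by tasks/main.yml`. The `kubernetes_master_kubeadm_config` mapping starts outside the hunk.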
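--- a/ansible/roles/kubernetes-master/tasks/main.yml
+++ b/ansible/roles/kubernetes-master/tasks/main.yml
@@ -4,6 +4,33 @@
 path: /etc/kubernetes/manifests/kube-apiserver.yaml
 register: kubeadm_apiserver_manifest
 
+- name: create kubernetes pki directory
+file:
+dest: /etc/kubernetes/pki/etcd
+state: directory
+owner: root
+group: root
+
+- name: slurp the etcd pki assets destined for the masters
+slurp: src=/etc/kubernetes/pki/{{ item }}
+with_items:
+- apiserver-etcd-client.crt
+- apiserver-etcd-client.key
+- etcd/ca.crt
+register: etcd_ca_pki
+delegate_to: "{{ groups['etcd']|first }}"
+run_once: true
+
+- name: add etcd pki assets
+no_log: True
+copy:
+dest: "{{ item.source }}"
+content: "{{ item.content | b64decode }}"
+owner: root
+group: root
+mode: 0700
+with_items: "{{ etcd_ca_pki.results }}"
+
 - name: drop kubeadm template
 template:
 src: etc/kubernetes/kubeadm.conf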
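Review bot: The slurp task registers the base64-encoded contents of `apiserver-etcd-client.key` in `etcd_ca_pki` but, unlike the copy task that follows it, sets no `no_log`. The private key can therefore end up in task output when the play runs with increased verbosity or a result-logging callback, so add `no_log: True` to the slurp task as well. The copy task writes all three files with `mode: 0700`, which puts an execute bit on a key and certificates and depends on the unquoted octal being parsed as intended; `mode: "0600"` is the safer spelling. The directory task sets owner and group but no `mode`, so the permissions on `/etc/kubernetes/pki/etcd` are left to the default and an explicit quoted mode would pin them.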
