From 9722e227a62965206b67fa0af13a6fc3a175e01d Mon Sep 17 00:00:00 2001
From: Etienne Champetier
Date: Thu, 4 Mar 2021 13:33:48 -0500
Subject: [PATCH] Fixup kubelet.conf to point to kubelet-client-current.pem

c9c0c01de019e502b2e73e6fd65e9bf52e063bb6 only fix the problem for new clusters

Signed-off-by: Etienne Champetier
---
 .../tasks/kubelet-fix-client-cert-rotation.yml | 18 ++++++++++++++++++
 roles/kubernetes/control-plane/tasks/main.yml | 4 ++++
 2 files changed, 22 insertions(+)
 create mode 100644 roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml

diff --git a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
new file mode 100644
index 00000000000..7d0c1a0d59e
--- /dev/null
+++ b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
@@ -0,0 +1,18 @@
+---
+- name: Fixup kubelet client cert rotation 1/2
+ lineinfile:
+ path: "{{ kube_config_dir }}/kubelet.conf"
+ regexp: '^ client-certificate-data: '
+ line: ' client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
+ backup: yes
+ notify:
+ - "Master | reload kubelet"
+
+- name: Fixup kubelet client cert rotation 2/2
+ lineinfile:
+ path: "{{ kube_config_dir }}/kubelet.conf"
+ regexp: '^ client-key-data: '
+ line: ' client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
+ backup: yes
+ notify:
+ - "Master | reload kubelet"
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index a85dddfb9c5..8bfc8d75d8d 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -62,3 +62,7 @@
 - name: Include kubeadm secondary server apiserver fixes
 include_tasks: kubeadm-fix-apiserver.yml
+
+- name: Include kubelet client cert rotation fixes
+ include_tasks: kubelet-fix-client-cert-rotation.yml
+ when: kubelet_rotate_certificates
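Review bot: Both `lineinfile` tasks set `backup: yes`, so each run that changes `kubelet.conf` leaves a timestamped copy beside it that still holds the embedded `client-certificate-data` and `client-key-data`, i.e. the kubelet's previous client key, which presumably stays usable until that certificate expires. Nothing in this file removes those copies; I would either drop `backup` from both tasks or add a follow-up task that deletes the backup once the kubelet has reloaded. Separately, when the `regexp` matches nothing and the exact `line` is not already present, `lineinfile` appends the line at end of file, so adding `backrefs: true` to both tasks would leave the file untouched on hosts that do not carry the embedded form. A comment above the first task such as `# assumes /var/lib/kubelet/pki/kubelet-client-current.pem already exists on this node` would also record the precondition the reload handler depends on.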
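Review bot: The new `when: kubelet_rotate_certificates` relies on the variable being a real boolean. If it is supplied as a string (for example through `-e kubelet_rotate_certificates=false`), the condition may evaluate as true depending on the Ansible version, and the include would then rewrite the kubelet's client credential paths on control-plane nodes where rotation is meant to be off. Writing it as `when: kubelet_rotate_certificates | bool` makes the gate explicit.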