Add auto_renew_certificates_systemd_calendar (#7490)

This allow to configure when K8S certificates renewal runs Signed-off-by: Etienne Champetier <[email protected]>
kubernetes-sigs · Apr 12, 2021 · bf6a39e · bf6a39e
1 parent 42382e2
commit bf6a39e
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -306,3 +306,5 @@ event_ttl_duration: "1h0m0s"
 
 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+# auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
diff --git a/roles/kubernetes/control-plane/defaults/main/main.yml b/roles/kubernetes/control-plane/defaults/main/main.yml
@@ -191,3 +191,5 @@ event_ttl_duration: "1h0m0s"
 
 ## Automatically renew K8S control plane certificates on first Monday of each month
 auto_renew_certificates: false
+# First Monday of each month
+auto_renew_certificates_systemd_calendar: "Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00"
diff --git a/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2 b/roles/kubernetes/control-plane/templates/k8s-certs-renew.timer.j2
@@ -2,8 +2,7 @@
 Description=Timer to renew K8S control plane certificates
 
 [Timer]
-# First Monday of each month
-OnCalendar=Mon *-*-1,2,3,4,5,6,7 03:{{ groups['kube_control_plane'].index(inventory_hostname) }}0:00
+OnCalendar={{ auto_renew_certificates_systemd_calendar }}
 
 [Install]
 WantedBy=multi-user.target