Fix cinder & external_openstack cacert deployment

The CA cert was only deployed on master nodes
kubernetes-sigs · Sep 28, 2020 · da4c0df · da4c0df
1 parent aba63f0
commit da4c0df
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 10 deletions.
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/cinder-write-cacert.yml
@@ -0,0 +1,12 @@
+---
+# include to workaround mitogen issue
+# https://github.com/dw/mitogen/issues/663
+
+- name: Cinder CSI Driver | Write cacert file
+  copy:
+    src: "{{ cinder_cacert }}"
+    dest: "{{ kube_config_dir }}/cinder-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  tags: cinder-csi-driver
+  delegate_to: "{{ delegate_host_to_write_cacert }}"
diff --git a/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml b/roles/kubernetes-apps/csi_driver/cinder/tasks/main.yml
@@ -3,11 +3,11 @@
   tags: cinder-csi-driver
 
 - name: Cinder CSI Driver | Write cacert file
-  copy:
-    src: "{{ cinder_cacert }}"
-    dest: "{{ kube_config_dir }}/cinder-cacert.pem"
-    group: "{{ kube_cert_group }}"
-    mode: 0640
+  include_tasks: cinder-write-cacert.yml
+  run_once: true
+  loop: "{{ groups['k8s-cluster'] }}"
+  loop_control:
+    loop_var: delegate_host_to_write_cacert
   when:
     - inventory_hostname in groups['k8s-cluster']
     - cinder_cacert is defined

diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/main.yml
@@ -3,11 +3,11 @@
   tags: external-openstack
 
 - name: External OpenStack Cloud Controller | Write cacert file
-  copy:
-    src: "{{ external_openstack_cacert }}"
-    dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
-    group: "{{ kube_cert_group }}"
-    mode: 0640
+  include_tasks: openstack-write-cacert.yml
+  run_once: true
+  loop: "{{ groups['k8s-cluster'] }}"
+  loop_control:
+    loop_var: delegate_host_to_write_cacert
   when:
     - inventory_hostname in groups['k8s-cluster']
     - external_openstack_cacert is defined

diff --git a/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-write-cacert.yml b/roles/kubernetes-apps/external_cloud_controller/openstack/tasks/openstack-write-cacert.yml
@@ -0,0 +1,12 @@
+---
+# include to workaround mitogen issue
+# https://github.com/dw/mitogen/issues/663
+
+- name: External OpenStack Cloud Controller | Write cacert file
+  copy:
+    src: "{{ external_openstack_cacert }}"
+    dest: "{{ kube_config_dir }}/external-openstack-cacert.pem"
+    group: "{{ kube_cert_group }}"
+    mode: 0640
+  tags: external-openstack
+  delegate_to: "{{ delegate_host_to_write_cacert }}"