salt: add certs_renewal pillar entry for master role

This pillar entry will be consumed by the reactor listening for certificate expiration events. If the path of an expired certificate matches one in this list, the related `sls` will be run. Refs: #1887
scality · Nov 3, 2020 · f2e1b52 · f2e1b52
1 parent b72dddd
commit f2e1b52
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/pillar/metalk8s/roles/master.sls b/pillar/metalk8s/roles/master.sls
@@ -9,3 +9,17 @@ beacons:
     - notify_days: 15
     - interval: 86400  # once a day
     - disable_during_state_run: True
+
+certs_renewal:
+  - name: /etc/kubernetes/pki/apiserver-etcd-client.crt
+    sls:
+      - metalk8s.kubernetes.apiserver
+  - name: /etc/kubernetes/pki/front-proxy-client.crt
+    sls:
+      - metalk8s.kubernetes.apiserver
+  - name: /etc/kubernetes/pki/apiserver-kubelet-client.crt
+    sls:
+      - metalk8s.kubernetes.apiserver
+  - name: /etc/kubernetes/pki/apiserver.crt
+    sls:
+      - metalk8s.kubernetes.apiserver