From 57d9df074f36bcfb516103a4205c73b45ad9ddc9 Mon Sep 17 00:00:00 2001 From: Etienne Champetier Date: Tue, 9 Mar 2021 02:55:00 -0500 Subject: [PATCH] Fixup kubelet.conf to point to kubelet-client-current.pem (#7347) c9c0c01de019e502b2e73e6fd65e9bf52e063bb6 only fix the problem for new clusters Signed-off-by: Etienne Champetier --- .../tasks/kubelet-fix-client-cert-rotation.yml | 18 ++++++++++++++++++ roles/kubernetes/master/tasks/main.yml | 4 ++++ 2 files changed, 22 insertions(+) create mode 100644 roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml diff --git a/roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml b/roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml new file mode 100644 index 00000000000..7d0c1a0d59e --- /dev/null +++ b/roles/kubernetes/master/tasks/kubelet-fix-client-cert-rotation.yml @@ -0,0 +1,18 @@ +--- +- name: Fixup kubelet client cert rotation 1/2 + lineinfile: + path: "{{ kube_config_dir }}/kubelet.conf" + regexp: '^ client-certificate-data: ' + line: ' client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem' + backup: yes + notify: + - "Master | reload kubelet" + +- name: Fixup kubelet client cert rotation 2/2 + lineinfile: + path: "{{ kube_config_dir }}/kubelet.conf" + regexp: '^ client-key-data: ' + line: ' client-key: /var/lib/kubelet/pki/kubelet-client-current.pem' + backup: yes + notify: + - "Master | reload kubelet" diff --git a/roles/kubernetes/master/tasks/main.yml b/roles/kubernetes/master/tasks/main.yml index a85dddfb9c5..8bfc8d75d8d 100644 --- a/roles/kubernetes/master/tasks/main.yml +++ b/roles/kubernetes/master/tasks/main.yml @@ -62,3 +62,7 @@ - name: Include kubeadm secondary server apiserver fixes include_tasks: kubeadm-fix-apiserver.yml + +- name: Include kubelet client cert rotation fixes + include_tasks: kubelet-fix-client-cert-rotation.yml + when: kubelet_rotate_certificates