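---
# Source: github.com/jlmeeker/kismatic@v1.10.1-0.20180612190640-57f9005a1f1a/ansible/roles/kubenode-cert/tasks/main.yaml
#
# Copies the cluster CA certificates and the per-node TLS certificates and
# private keys from tls_directory on the control machine to each node.
#
# Security notes for reviewers:
#   - Every copy task applies the same owner/group/mode variables to public
#     certificates and to private keys (*-key.pem). Their values are defined
#     outside this file; confirm the mode denies group/world read on the keys.
#   - The copy module reports file content differences when a play is run in
#     diff mode, so key material can end up in console or CI logs. Consider
#     `no_log: true` on the key-bearing tasks where diff mode is in use.

# setup directories
# NOTE(review): no owner, group or mode is set here, so the directory takes
# the connecting user's defaults (umask). Private keys are stored beneath it;
# consider pinning an explicit mode.
- name: create directory for certificates
  file:
    path: "{{ kubernetes_certificates_dir }}"
    state: directory

# copy CA certificate
- name: copy ca.pem
  copy:
    src: "{{ tls_directory }}/ca.pem"
    dest: "{{ kubernetes_certificates.ca }}"
    owner: "{{ kubernetes_certificates_owner }}"
    group: "{{ kubernetes_certificates_group }}"
    mode: "{{ kubernetes_certificates_mode }}"

# copy proxy-client CA certificate
- name: copy proxy-client-ca.pem
  copy:
    src: "{{ tls_directory }}/proxy-client-ca.pem"
    dest: "{{ kubernetes_certificates.proxy_client_ca }}"
    owner: "{{ kubernetes_certificates_owner }}"
    group: "{{ kubernetes_certificates_group }}"
    mode: "{{ kubernetes_certificates_mode }}"

# copy kubernetes control plane certificates
# Only hosts in the 'master' group receive these. The API server pair is
# looked up by inventory_hostname, so each master gets its own certificate.
- name: copy master node TLS assets
  copy:
    src: "{{ tls_directory }}/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ kubernetes_certificates_owner }}"
    group: "{{ kubernetes_certificates_group }}"
    mode: "{{ kubernetes_certificates_mode }}"
  when: "'master' in group_names"
  with_items:
    - src: "etcd-client.pem"
      dest: "{{ kubernetes_certificates.etcd_client }}"
    - src: "etcd-client-key.pem"
      dest: "{{ kubernetes_certificates.etcd_client_key }}"
    - src: "{{ inventory_hostname }}-apiserver.pem"
      dest: "{{ kubernetes_certificates.api_server }}"
    - src: "{{ inventory_hostname }}-apiserver-key.pem"
      dest: "{{ kubernetes_certificates.api_server_key }}"
    - src: "kube-scheduler.pem"
      dest: "{{ kubernetes_certificates.scheduler }}"
    - src: "kube-scheduler-key.pem"
      dest: "{{ kubernetes_certificates.scheduler_key }}"
    - src: "kube-controller-manager.pem"
      dest: "{{ kubernetes_certificates.controller_manager }}"
    - src: "kube-controller-manager-key.pem"
      dest: "{{ kubernetes_certificates.controller_manager_key }}"
    - src: "apiserver-kubelet-client.pem"
      dest: "{{ kubernetes_certificates.kube_apiserver_kubelet_client }}"
    - src: "apiserver-kubelet-client-key.pem"
      dest: "{{ kubernetes_certificates.kube_apiserver_kubelet_client_key }}"
    - src: "proxy-client.pem"
      dest: "{{ kubernetes_certificates.proxy_client }}"
    - src: "proxy-client-key.pem"
      dest: "{{ kubernetes_certificates.proxy_client_key }}"
    - src: "service-account.pem"
      dest: "{{ kubernetes_certificates.service_account }}"
    - src: "service-account-key.pem"
      dest: "{{ kubernetes_certificates.service_account_key }}"

# copy kubelet and etcd certificates
# Runs on any host in the master, worker, ingress or storage group.
# The etcd-client pair also appears in the master-only task above, so masters
# copy it twice (harmless, the copy is idempotent).
# NOTE(review): admin.pem / admin-key.pem are placed on every node kind listed
# in the condition. If this is a cluster-admin client credential (the name
# suggests so; its subject is not visible here), compromise of any one node
# exposes it. Confirm that non-master nodes actually need it.
- name: copy kubernetes node client certificates
  copy:
    src: "{{ tls_directory }}/{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ kubernetes_certificates_owner }}"
    group: "{{ kubernetes_certificates_group }}"
    mode: "{{ kubernetes_certificates_mode }}"
  when: "['master','worker','ingress','storage'] | intersect(group_names) | length > 0"
  with_items:
    - src: "admin.pem"
      dest: "{{ kubernetes_certificates.admin }}"
    - src: "admin-key.pem"
      dest: "{{ kubernetes_certificates.admin_key }}"
    - src: "{{ inventory_hostname }}-kubelet.pem"
      dest: "{{ kubernetes_certificates.kubelet }}"
    - src: "{{ inventory_hostname }}-kubelet-key.pem"
      dest: "{{ kubernetes_certificates.kubelet_key }}"
    - src: "etcd-client.pem"
      dest: "{{ kubernetes_certificates.etcd_client }}"
    - src: "etcd-client-key.pem"
      dest: "{{ kubernetes_certificates.etcd_client_key }}"

# Remove old certificates that were deployed in version <= 1.3.3
# Deleting the stale private keys keeps unused key material off the node.
# The paths are hard-coded under /etc/kubernetes rather than derived from
# kubernetes_certificates_dir.
# NOTE(review): this task runs after the copies above; confirm that none of
# the kubernetes_certificates.* destinations resolve to these paths, otherwise
# freshly deployed files would be deleted during an upgrade.
- name: "remove old certificates"
  file:
    path: "/etc/kubernetes/{{ item }}"
    state: absent
  # default(false) covers the undefined case, replacing the explicit
  # "is defined ... == true" comparison with the same result.
  when: "upgrading | default(false) | bool"
  with_items:
    - ca.pem
    - kubenode-key.pem
    - kubenode.pem
    - service-account-key.pem
    - service-account.pem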