From 14b63ede8c311685088f38ba00a032ee4a828c09 Mon Sep 17 00:00:00 2001
From: Etienne Champetier <e.champetier@ateme.com>
Date: Tue, 9 Mar 2021 02:55:00 -0500
Subject: [PATCH] Fixup kubelet.conf to point to kubelet-client-current.pem
 (#7347)

c9c0c01de019e502b2e73e6fd65e9bf52e063bb6 only fixes the problem for new clusters

Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
---
 .../tasks/kubelet-fix-client-cert-rotation.yml | 18 ++++++++++++++++++
 roles/kubernetes/control-plane/tasks/main.yml  |  4 ++++
 2 files changed, 22 insertions(+)
 create mode 100644 roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml

diff --git a/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
new file mode 100644
index 000000000..7d0c1a0d5
--- /dev/null
+++ b/roles/kubernetes/control-plane/tasks/kubelet-fix-client-cert-rotation.yml
@@ -0,0 +1,18 @@
+---
+- name: Fixup kubelet client cert rotation 1/2
+  lineinfile:
+    path: "{{ kube_config_dir }}/kubelet.conf"
+    regexp: '^    client-certificate-data: '
+    line: '    client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem'
+    backup: yes
+  notify:
+    - "Master | reload kubelet"
+
+- name: Fixup kubelet client cert rotation 2/2
+  lineinfile:
+    path: "{{ kube_config_dir }}/kubelet.conf"
+    regexp: '^    client-key-data: '
+    line: '    client-key: /var/lib/kubelet/pki/kubelet-client-current.pem'
+    backup: yes
+  notify:
+    - "Master | reload kubelet"
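Review bot: Both `lineinfile` tasks fall back to appending their `line` at the end of `kubelet.conf` when the `regexp` matches nothing and the exact line is not already present, since that is the module's default. On a node whose kubeconfig references the client credentials some other way, this would add a stray `client-certificate:` / `client-key:` entry instead of leaving the file alone. Adding `backrefs: yes` to each task turns a non-match into a no-op. Separately, `backup: yes` leaves a timestamped copy of the old file, still containing the embedded `client-key-data`, next to `kubelet.conf`. A comment such as `# backup keeps the old embedded client key on disk; remove it once rotation is verified` would tell operators to clean it up.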
diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml
index a85dddfb9..8bfc8d75d 100644
--- a/roles/kubernetes/control-plane/tasks/main.yml
+++ b/roles/kubernetes/control-plane/tasks/main.yml
@@ -62,3 +62,7 @@
 
 - name: Include kubeadm secondary server apiserver fixes
   include_tasks: kubeadm-fix-apiserver.yml
+
+- name: Include kubelet client cert rotation fixes
+  include_tasks: kubelet-fix-client-cert-rotation.yml
+  when: kubelet_rotate_certificates
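Review bot: The bare `when: kubelet_rotate_certificates` relies on the variable being a real boolean. If it arrives as a string (for example via `-e`), newer Ansible releases treat any non-empty string as true, so `when: kubelet_rotate_certificates | bool` is the safer form. Whether nodes outside the control-plane role can carry the same embedded credentials is not visible from this hunk; if they cannot, a one-line comment above the include saying so would record the assumption.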
-- 
GitLab