Skip to content
Snippets Groups Projects
Commit 957b7115 authored by mkrasilnikov's avatar mkrasilnikov
Browse files

Remove node name from kube-proxy and admin certificates

parent b930b0ef
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/kubernetes/secrets/tasks/gen_certs_vault.yml
+ 2
2
View file @ 957b7115
......@@ -8,7 +8,7 @@
# Issue admin certs to kube-master hosts
- include: ../../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "admin:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}"
issue_cert_common_name: "admin"
issue_cert_copy_ca: "{{ item == kube_admin_certs_needed|first }}"
issue_cert_file_group: "{{ kube_cert_group }}"
issue_cert_file_owner: kube
......@@ -80,7 +80,7 @@
# Issue proxy certs to k8s-cluster nodes
- include: ../../../vault/tasks/shared/issue_cert.yml
vars:
issue_cert_common_name: "system:kube-proxy:{{ item.rsplit('/', 1)[1].rsplit('.', 1)[0] }}"
issue_cert_common_name: "system:kube-proxy"
issue_cert_copy_ca: "{{ item == kube_proxy_certs_needed|first }}"
issue_cert_file_group: "{{ kube_cert_group }}"
issue_cert_file_owner: kube
......
roles/vault/tasks/bootstrap/main.yml
+ 1
1
View file @ 957b7115
......@@ -6,7 +6,7 @@
when: inventory_hostname in groups.vault
- include: ../shared/find_leader.yml
when: inventory_hostname in groups.vault and vault_cluster_is_initialized|d()
when: inventory_hostname in groups.vault and vault_cluster_is_initialized
- include: sync_vault_certs.yml
when: inventory_hostname in groups.vault
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment