From 92ea99e677b5a78ae1f38d984bc2c2f701a58c3c Mon Sep 17 00:00:00 2001 From: gjmzj Date: Sat, 30 Mar 2019 11:57:52 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4ca=E8=AF=81=E4=B9=A6=E6=9C=89?= =?UTF-8?q?=E6=95=88=E6=9C=9F=E7=AD=89=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- roles/deploy/defaults/main.yml | 5 +++++ roles/deploy/templates/ca-config.json.j2 | 4 ++-- roles/deploy/templates/ca-csr.json.j2 | 2 +- roles/etcd/tasks/main.yml | 1 - roles/harbor/tasks/main.yml | 1 - roles/kube-master/tasks/main.yml | 1 - roles/kube-node/tasks/main.yml | 1 - 7 files changed, 8 insertions(+), 7 deletions(-) diff --git a/roles/deploy/defaults/main.yml b/roles/deploy/defaults/main.yml index 7107b25..b6e13b1 100644 --- a/roles/deploy/defaults/main.yml +++ b/roles/deploy/defaults/main.yml @@ -1,4 +1,9 @@ +# CA 证书相关参数 +CA_EXPIRY: "876000h" +CERT_EXPIRY: "438000h" + # kubeconfig 配置参数 CLUSTER_NAME: "cluster1" USER_NAME: "user1" CONTEXT_NAME: "context1" + diff --git a/roles/deploy/templates/ca-config.json.j2 b/roles/deploy/templates/ca-config.json.j2 index 9f84cd3..f558359 100644 --- a/roles/deploy/templates/ca-config.json.j2 +++ b/roles/deploy/templates/ca-config.json.j2 @@ -1,7 +1,7 @@ { "signing": { "default": { - "expiry": "87600h" + "expiry": "{{ CERT_EXPIRY }}" }, "profiles": { "kubernetes": { @@ -11,7 +11,7 @@ "server auth", "client auth" ], - "expiry": "87600h" + "expiry": "{{ CERT_EXPIRY }}" } } } diff --git a/roles/deploy/templates/ca-csr.json.j2 b/roles/deploy/templates/ca-csr.json.j2 index f91944a..7a257c6 100644 --- a/roles/deploy/templates/ca-csr.json.j2 +++ b/roles/deploy/templates/ca-csr.json.j2 @@ -14,6 +14,6 @@ } ], "ca": { - "expiry": "131400h" + "expiry": "{{ CA_EXPIRY }}" } } diff --git a/roles/etcd/tasks/main.yml b/roles/etcd/tasks/main.yml index 872a17a..81ef3e1 100644 --- a/roles/etcd/tasks/main.yml +++ b/roles/etcd/tasks/main.yml @@ -18,7 +18,6 @@ with_items: - ca.pem - ca-key.pem - - ca.csr - ca-config.json delegate_to: "{{ groups.deploy[0] }}" diff --git a/roles/harbor/tasks/main.yml b/roles/harbor/tasks/main.yml index 4edb900..4ea8266 100644 --- a/roles/harbor/tasks/main.yml +++ b/roles/harbor/tasks/main.yml @@ -29,7 +29,6 @@ with_items: - ca.pem - ca-key.pem - - ca.csr - ca-config.json delegate_to: "{{ groups.deploy[0] }}" diff --git a/roles/kube-master/tasks/main.yml b/roles/kube-master/tasks/main.yml index cc4de65..1d1ff6b 100644 --- a/roles/kube-master/tasks/main.yml +++ b/roles/kube-master/tasks/main.yml @@ -13,7 +13,6 @@ - admin-key.pem - ca.pem - ca-key.pem - - ca.csr - ca-config.json delegate_to: "{{ groups.deploy[0] }}" diff --git a/roles/kube-node/tasks/main.yml b/roles/kube-node/tasks/main.yml index d40a229..0146506 100644 --- a/roles/kube-node/tasks/main.yml +++ b/roles/kube-node/tasks/main.yml @@ -44,7 +44,6 @@ with_items: - ca.pem - ca-key.pem - - ca.csr - ca-config.json delegate_to: "{{ groups.deploy[0] }}"