easzlab
/
kubeasz
mirror of https://github.com/easzlab/kubeasz.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix create kubelet certs 2

pull/992/head
gjmzj 2021-01-12 11:32:48 +08:00
parent ce7f385853
commit e00d39f1c5
1 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
roles/kube-node/tasks/create-kubelet-kubeconfig.yml
View File

@ -1,19 +1,23 @@
- name: 分发证书相关
copy: src={{ cluster_dir }}/ssl/{{ item }} dest={{ ca_dir }}/{{ item }}
with_items:
- ca.pem
- ca-key.pem
- ca-config.json
- name: 准备kubelet 证书签名请求
template: src=kubelet-csr.json.j2 dest={{ ca_dir }}/kubelet-csr.json
template: src=kubelet-csr.json.j2 dest={{ cluster_dir }}/ssl/{{ inventory_hostname }}-kubelet-csr.json
connection: local
- name: 创建 kubelet 证书与私钥
shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
-ca={{ ca_dir }}/ca.pem \
-ca-key={{ ca_dir }}/ca-key.pem \
-config={{ ca_dir }}/ca-config.json \
-profile=kubernetes kubelet-csr.json | {{ bin_dir }}/cfssljson -bare kubelet"
shell: "cd {{ cluster_dir }}/ssl && {{ base_dir }}/bin/cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes {{ inventory_hostname }}-kubelet-csr.json | {{ base_dir }}/bin/cfssljson -bare {{ inventory_hostname }}-kubelet"
connection: local
- name: 分发ca 证书
copy: src={{ cluster_dir }}/ssl/ca.pem dest={{ ca_dir }}/ca.pem
- name: 分发kubelet 证书
copy: src={{ cluster_dir }}/ssl/{{ inventory_hostname }}-{{ item }} dest={{ ca_dir }}/{{ item }}
with_items:
- kubelet.pem
- kubelet-key.pem
# 创建kubelet.kubeconfig
- name: 设置集群参数