From e00d39f1c5c22c627111ec4a2b6c6f5e8ca9dca1 Mon Sep 17 00:00:00 2001
From: gjmzj
Date: Tue, 12 Jan 2021 11:32:48 +0800
Subject: [PATCH] fix create kubelet certs 2

---
 .../tasks/create-kubelet-kubeconfig.yml | 30 +++++++++++--------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/roles/kube-node/tasks/create-kubelet-kubeconfig.yml b/roles/kube-node/tasks/create-kubelet-kubeconfig.yml
index ba5129f..eefed86 100644
--- a/roles/kube-node/tasks/create-kubelet-kubeconfig.yml
+++ b/roles/kube-node/tasks/create-kubelet-kubeconfig.yml
@@ -1,19 +1,23 @@
-- name: 分发证书相关
- copy: src={{ cluster_dir }}/ssl/{{ item }} dest={{ ca_dir }}/{{ item }}
- with_items:
- - ca.pem
- - ca-key.pem
- - ca-config.json
-
 - name: 准备kubelet 证书签名请求
- template: src=kubelet-csr.json.j2 dest={{ ca_dir }}/kubelet-csr.json
+ template: src=kubelet-csr.json.j2 dest={{ cluster_dir }}/ssl/{{ inventory_hostname }}-kubelet-csr.json
+ connection: local

 - name: 创建 kubelet 证书与私钥
- shell: "cd {{ ca_dir }} && {{ bin_dir }}/cfssl gencert \
- -ca={{ ca_dir }}/ca.pem \
- -ca-key={{ ca_dir }}/ca-key.pem \
- -config={{ ca_dir }}/ca-config.json \
- -profile=kubernetes kubelet-csr.json | {{ bin_dir }}/cfssljson -bare kubelet"
+ shell: "cd {{ cluster_dir }}/ssl && {{ base_dir }}/bin/cfssl gencert \
+ -ca=ca.pem \
+ -ca-key=ca-key.pem \
+ -config=ca-config.json \
+ -profile=kubernetes {{ inventory_hostname }}-kubelet-csr.json | {{ base_dir }}/bin/cfssljson -bare {{ inventory_hostname }}-kubelet"
+ connection: local
+
+- name: 分发ca 证书
+ copy: src={{ cluster_dir }}/ssl/ca.pem dest={{ ca_dir }}/ca.pem
+
+- name: 分发kubelet 证书
+ copy: src={{ cluster_dir }}/ssl/{{ inventory_hostname }}-{{ item }} dest={{ ca_dir }}/{{ item }}
+ with_items:
+ - kubelet.pem
+ - kubelet-key.pem

 # 创建kubelet.kubeconfig
 - name: 设置集群参数
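Review bot: The `分发kubelet 证书` copy task writes `kubelet-key.pem` to the node without a `mode`, so the private key's permissions are left to the remote default, which is often world-readable depending on umask. Adding `mode=0600` to that `copy:` line would pin it; if the certificate must stay readable by other users, move the key into its own task instead. Each node's CSR and private key also remain in `{{ cluster_dir }}/ssl` on the deploy host after distribution, so that directory now holds every kubelet key beside `ca-key.pem` and should be access-restricted accordingly. The `cfssl gencert` shell task has no `creates=` guard, so it appears to reissue the certificate and key on every run; `creates={{ cluster_dir }}/ssl/{{ inventory_hostname }}-kubelet.pem` would make it idempotent if re-issuance is not intended.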