kubespray/roles/kubernetes/secrets/tasks/gen_tokens.yml

31 lines
985 B
YAML
Raw Normal View History

---
- name: tokens | generate tokens for master components
become: False
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ role_path }}/files/tokens"
with_nested:
- [ "system:kubectl" ]
- "{{ groups['kube-master'] }}"
register: gentoken_master
changed_when: "'Added' in gentoken_master.stdout"
notify: set secret_changed
- name: tokens | generate tokens for node components
become: False
local_action: command "{{ role_path }}/scripts/kube-gen-token.sh" "{{ item[0] }}-{{ item[1] }}"
environment:
TOKEN_DIR: "{{ role_path }}/files/tokens"
with_nested:
- [ 'system:kubelet' ]
- "{{ groups['kube-node'] }}"
register: gentoken_node
changed_when: "'Added' in gentoken_node.stdout"
notify: set secret_changed
- name: tokens | Copy tokens on master
copy:
src: "tokens"
dest: "/etc/kubernetes"
when: inventory_hostname in "{{ groups['kube-master'] }}"