Added option to force apiserver and respective client certificate to … (#6403)

* Added option to force apiserver and respective client certificate to be regenerated without necessarily needing to bump the K8S cluster version

* Removed extra blank line
pull/6812/head
Bogdan Peste 2020-10-12 16:02:48 +03:00 committed by GitHub
parent 270f91e577
commit 5e32655830
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 2 deletions

View File

@ -312,3 +312,5 @@ persistent_volumes_enabled: false
## Amount of time to retain events. (default 1h0m0s)
event_ttl_duration: "1h0m0s"
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
force_certificate_regeneration: false

View File

@ -193,3 +193,5 @@ secrets_encryption_query: "resources[*].providers[0].{{kube_encryption_algorithm
## Amount of time to retain events. (default 1h0m0s)
event_ttl_duration: "1h0m0s"
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
force_certificate_regeneration: false

View File

@ -130,7 +130,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
- apiserver_sans_check.changed or force_certificate_regeneration
- name: kubeadm | regenerate apiserver cert 2/2
command: >-
@ -140,7 +140,7 @@
when:
- inventory_hostname == groups['kube-master']|first
- kubeadm_already_run.stat.exists
- apiserver_sans_check.changed
- apiserver_sans_check.changed or force_certificate_regeneration
- name: kubeadm | Initialize first master
command: >-