Added option to force apiserver and respective client certificate to … (#6403)
* Added option to force apiserver and respective client certificate to be regenerated without necessarily needing to bump the K8S cluster version * Removed extra blank linepull/6812/head
parent
270f91e577
commit
5e32655830
|
@ -312,3 +312,5 @@ persistent_volumes_enabled: false
|
|||
|
||||
## Amount of time to retain events. (default 1h0m0s)
|
||||
event_ttl_duration: "1h0m0s"
|
||||
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
|
||||
force_certificate_regeneration: false
|
||||
|
|
|
@ -193,3 +193,5 @@ secrets_encryption_query: "resources[*].providers[0].{{kube_encryption_algorithm
|
|||
|
||||
## Amount of time to retain events. (default 1h0m0s)
|
||||
event_ttl_duration: "1h0m0s"
|
||||
## Force regeneration of kubernetes control plane certificates without the need of bumping the cluster version
|
||||
force_certificate_regeneration: false
|
||||
|
|
|
@ -130,7 +130,7 @@
|
|||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
- apiserver_sans_check.changed
|
||||
- apiserver_sans_check.changed or force_certificate_regeneration
|
||||
|
||||
- name: kubeadm | regenerate apiserver cert 2/2
|
||||
command: >-
|
||||
|
@ -140,7 +140,7 @@
|
|||
when:
|
||||
- inventory_hostname == groups['kube-master']|first
|
||||
- kubeadm_already_run.stat.exists
|
||||
- apiserver_sans_check.changed
|
||||
- apiserver_sans_check.changed or force_certificate_regeneration
|
||||
|
||||
- name: kubeadm | Initialize first master
|
||||
command: >-
|
||||
|
|
Loading…
Reference in New Issue