
Collect k8s apiserver cert information before renewal
atsikham committed Sep 4, 2020
1 parent b4bdda2 commit fd3776d
Showing 1 changed file with 7 additions and 7 deletions.
@@ -28,6 +28,13 @@
- import_tasks: copy-kubernetes-pki.yml
- import_tasks: master-join.yml

- name: Collect current apiserver certificate 'not_after' date by openssl
shell: openssl x509 -enddate -noout -in apiserver.crt
args:
executable: /bin/bash
chdir: "{{ specification.advanced.certificates.location }}"
register: apiserver_certificate_info

- name: Regenerate apiserver certificates
when: kubernetes_common.automation_designated_master != inventory_hostname or not is_first_deployment
# It's almost always necessary to regenerate apiserver certificates for designated and non-designated masters
@@ -56,13 +63,6 @@
- name: Update apiserver certificate expiration date
when: not (specification.advanced.certificates.renew | bool)
block:
- name: Collect current apiserver certificate 'not_after' date by openssl
shell: openssl x509 -enddate -noout -in apiserver.crt.OLD
args:
executable: /bin/bash
chdir: "{{ specification.advanced.certificates.location }}"
register: apiserver_certificate_info

- name: Regenerate apiserver certificate with previous expiration value
vars:
certificates_renewal_list:
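Review bot: The relocated "Collect current apiserver certificate 'not_after' date by openssl" task in the first hunk is a read-only query, yet it uses `shell` with `executable: /bin/bash` and has no `changed_when`, so it reports a change on every run and passes through bash for a command that uses no shell features. `command: openssl x509 -enddate -noout -in apiserver.crt` with `changed_when: false`, keeping `chdir` and dropping `executable`, would read the same date without the shell. The task also appears to have left the `when: not (specification.advanced.certificates.renew | bool)` block it is removed from in the second hunk, so it now seems to run when renewal is requested as well and would fail the play if apiserver.crt is absent at that point; if that is intended, a comment such as `# must run before regeneration replaces apiserver.crt` would record why. Indentation is lost on this page, so the enclosing block of the new task cannot be confirmed from here, and the consumer of `apiserver_certificate_info` lies outside both hunks.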
