authorScott Dodson <sdodson@redhat.com>2017-02-06 15:17:11 -0500
committerGitHub <noreply@github.com>2017-02-06 15:17:11 -0500
commite27da6a8b7423f48d2bf989315cf41fc0188aee2 (patch)
treec8f47eb820b007b97c326dc7dd9ea6cc037849c5
parent76d0a4538baa3b59085d6dd57b92ffd145c76f93 (diff)
parented20d4efc5d630690dbabeefb04e8000e2b796b3 (diff)
Merge pull request #3272 from abutcher/router-certs
Use service annotations to redeploy router service serving cert signer cert
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/router.yml31
1 files changed, 16 insertions, 15 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index 03d64685d..a9e9f0915 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -44,25 +44,26 @@
when: l_router_dc.rc == 0 and 'OPENSHIFT_CA_DATA' in router_env_vars and 'OPENSHIFT_CERT_DATA' in router_env_vars and 'OPENSHIFT_KEY_DATA' in router_env_vars
- block:
- - name: Generate router certificate
+ - name: Delete existing router certificate secret
command: >
- {{ openshift.common.client_binary }} adm ca create-server-cert
- --hostnames=router.default.svc,router.default.svc.cluster.local
- --signer-cert={{ openshift.common.config_base }}/master/service-signer.crt
- --signer-key={{ openshift.common.config_base }}/master/service-signer.key
- --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt
- --cert={{ mktemp.stdout }}/tls.crt
- --key={{ mktemp.stdout }}/tls.key
+ {{ openshift.common.client_binary }} delete secret/router-certs
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ -n default
- - name: Update router certificates secret
- shell: >
- {{ openshift.common.client_binary }} secret new router-certs
- {{ mktemp.stdout }}/tls.crt
- {{ mktemp.stdout }}/tls.key
- --type=kubernetes.io/tls
+ - name: Remove router service annotations
+ command: >
+ {{ openshift.common.client_binary }} annotate service/router
+ service.alpha.openshift.io/serving-cert-secret-name-
+ service.alpha.openshift.io/serving-cert-signed-by-
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ -n default
+
+ - name: Add serving-cert-secret annotation to router service
+ command: >
+ {{ openshift.common.client_binary }} annotate service/router
+ service.alpha.openshift.io/serving-cert-secret-name=router-certs
--config={{ mktemp.stdout }}/admin.kubeconfig
-n default
- -o json | oc replace -f -
when: l_router_dc.rc == 0 and 'router-certs' in router_secrets
- name: Redeploy router
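Review bot: Nothing between the final `annotate service/router` task and `Redeploy router` waits for `secret/router-certs` to exist again. The secret is presumably recreated asynchronously once the annotation is set, so the redeploy could start while the router's TLS secret is still missing. A polling task at the end of the block, using the same `--config` and `-n default` arguments, would close that window; the retry and delay values in the sketch below are placeholders. Separately, the `when:` guard only tests the name `router-certs`, so a secret holding an administrator-supplied certificate would apparently be deleted too; checking that the service carries `service.alpha.openshift.io/serving-cert-signed-by` before the delete would narrow that. The play these tasks belong to starts outside the hunk.

```yaml
# … unchanged: delete secret/router-certs, remove and re-add service annotations …

- name: Wait for router-certs secret to be regenerated
  command: >
    {{ openshift.common.client_binary }} get secret/router-certs
    --config={{ mktemp.stdout }}/admin.kubeconfig
    -n default
  register: l_router_certs_secret
  until: l_router_certs_secret.rc == 0
  retries: 10
  delay: 5
  changed_when: false
```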