summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndrew Butcher <abutcher@redhat.com>2017-02-06 14:56:27 -0500
committerAndrew Butcher <abutcher@redhat.com>2017-02-06 14:56:27 -0500
commited20d4efc5d630690dbabeefb04e8000e2b796b3 (patch)
tree9e8506e5f0d490f33198ee86df3ead77fc8ad6d5
parentacdedc802b051252a93e40a5a19112674e338bd1 (diff)
downloadopenshift-ed20d4efc5d630690dbabeefb04e8000e2b796b3.tar.gz
openshift-ed20d4efc5d630690dbabeefb04e8000e2b796b3.tar.bz2
openshift-ed20d4efc5d630690dbabeefb04e8000e2b796b3.tar.xz
openshift-ed20d4efc5d630690dbabeefb04e8000e2b796b3.zip
Use service annotations to redeploy router service serving cert signer cert.
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/router.yml31
1 files changed, 16 insertions, 15 deletions
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index 03d64685d..a9e9f0915 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -44,25 +44,26 @@
when: l_router_dc.rc == 0 and 'OPENSHIFT_CA_DATA' in router_env_vars and 'OPENSHIFT_CERT_DATA' in router_env_vars and 'OPENSHIFT_KEY_DATA' in router_env_vars
- block:
- - name: Generate router certificate
+ - name: Delete existing router certificate secret
command: >
- {{ openshift.common.client_binary }} adm ca create-server-cert
- --hostnames=router.default.svc,router.default.svc.cluster.local
- --signer-cert={{ openshift.common.config_base }}/master/service-signer.crt
- --signer-key={{ openshift.common.config_base }}/master/service-signer.key
- --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt
- --cert={{ mktemp.stdout }}/tls.crt
- --key={{ mktemp.stdout }}/tls.key
+ {{ openshift.common.client_binary }} delete secret/router-certs
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ -n default
- - name: Update router certificates secret
- shell: >
- {{ openshift.common.client_binary }} secret new router-certs
- {{ mktemp.stdout }}/tls.crt
- {{ mktemp.stdout }}/tls.key
- --type=kubernetes.io/tls
+ - name: Remove router service annotations
+ command: >
+ {{ openshift.common.client_binary }} annotate service/router
+ service.alpha.openshift.io/serving-cert-secret-name-
+ service.alpha.openshift.io/serving-cert-signed-by-
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ -n default
+
+ - name: Add serving-cert-secret annotation to router service
+ command: >
+ {{ openshift.common.client_binary }} annotate service/router
+ service.alpha.openshift.io/serving-cert-secret-name=router-certs
--config={{ mktemp.stdout }}/admin.kubeconfig
-n default
- -o json | oc replace -f -
when: l_router_dc.rc == 0 and 'router-certs' in router_secrets
- name: Redeploy router