---
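# Create a server key and certificate for the `heapster` hostname, signed by
# the CA certificate, key and serial file kept in the working directory.
#
# NOTE(review): `mktemp.stdout` is presumably the path registered by an
# earlier temp-directory task (not shown here). It holds the signer key
# (ca.key) and receives heapster.key, so confirm it is created owner-only
# and removed once the run finishes.
#
# This task carries no `when:` condition, so it runs on every invocation.
- name: generate heapster key/cert
  # Every path argument is quoted, --config included, so a working directory
  # containing whitespace cannot split an argument.
  command: >
    {{ openshift.common.admin_binary }} ca create-server-cert
    --config='{{ mktemp.stdout }}/admin.kubeconfig'
    --key='{{ mktemp.stdout }}/heapster.key'
    --cert='{{ mktemp.stdout }}/heapster.cert'
    --hostnames=heapster
    --signer-cert='{{ mktemp.stdout }}/ca.crt'
    --signer-key='{{ mktemp.stdout }}/ca.key'
    --signer-serial='{{ mktemp.stdout }}/ca.serial.txt'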
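# Build the heapster-secrets template only when the secret is not already
# listed in `metrics_secrets.stdout_lines`.
- when: "'secret/heapster-secrets' not in metrics_secrets.stdout_lines"
  block:
    # Read the certificate, the private key and the client CA bundle.
    # slurp returns each file base64-encoded in `content`; the results keep
    # the order of `with_items`, which the next task relies on by index.
    - name: read files for the heapster secret
      slurp:
        src: "{{ item }}"
      register: heapster_secret
      # One of the items is the private key: keep the per-item results out
      # of task output and logs. Failure details are hidden as well.
      no_log: true
      with_items:
        - "{{ mktemp.stdout }}/heapster.cert"
        - "{{ mktemp.stdout }}/heapster.key"
        - "{{ client_ca }}"
      vars:
        # A custom client CA in the working directory takes precedence over
        # the master CA bundle. This choice decides which CA ends up in the
        # `heapster.client-ca` entry of the secret.
        custom_ca: "{{ mktemp.stdout }}/heapster_client_ca.crt"
        default_ca: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
        # NOTE(review): `exists` is evaluated on the Ansible controller,
        # while slurp reads from the managed host. Confirm both refer to
        # the same machine for this play.
        client_ca: "{{ custom_ca|exists|ternary(custom_ca, default_ca) }}"

    # Render the secret definition from secret.j2 using the vars below.
    # NOTE(review): the rendered file embeds the base64 private key; no
    # `mode:` is set here, so confirm the destination is not readable by
    # other users.
    - name: generate heapster secret template
      template:
        src: secret.j2
        dest: "{{ mktemp.stdout }}/templates/heapster_secrets.yaml"
        # An existing rendered file is left untouched.
        force: false
      # The vars carry the private key, and diff output would show the
      # rendered file; suppress both.
      no_log: true
      vars:
        name: heapster-secrets
        labels:
          metrics-infra: heapster
        data:
          # Indexes match the with_items order of the slurp task above:
          # 0 = certificate, 1 = private key, 2 = client CA.
          heapster.cert: "{{ heapster_secret.results[0].content }}"
          heapster.key: "{{ heapster_secret.results[1].content }}"
          heapster.client-ca: "{{ heapster_secret.results[2].content }}"
          # Not read from a file, so it is base64-encoded explicitly.
          heapster.allowed-users: >
            {{ openshift_metrics_heapster_allowed_users|b64encode }}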