blob: 72110b18ca066a6762221e1d289931ddfb8b0ff3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
---
- name: Create service catalog cert directory
file:
path: "{{ openshift.common.config_base }}/service-catalog"
state: directory
mode: 0755
changed_when: False
check_mode: no
- set_fact:
generated_certs_dir: "{{ openshift.common.config_base }}/service-catalog"
- name: Generate signing cert
command: >
{{ openshift_client_binary }} adm --config=/etc/origin/master/admin.kubeconfig ca create-signer-cert
--key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt
--serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer
- name: Delete old apiserver.crt
file:
path: "{{ generated_certs_dir }}/apiserver.crt"
state: absent
- name: Delete old apiserver.key
file:
path: "{{ generated_certs_dir }}/apiserver.key"
state: absent
- name: Generating server keys
oc_adm_ca_server_cert:
cert: "{{ generated_certs_dir }}/apiserver.crt"
key: "{{ generated_certs_dir }}/apiserver.key"
hostnames: "apiserver.kube-service-catalog.svc,apiserver.kube-service-catalog.svc.cluster.local,apiserver.kube-service-catalog"
signer_cert: "{{ generated_certs_dir }}/ca.crt"
signer_key: "{{ generated_certs_dir }}/ca.key"
signer_serial: "{{ generated_certs_dir }}/apiserver.serial.txt"
- name: Create apiserver-ssl secret
oc_secret:
state: present
name: apiserver-ssl
namespace: kube-service-catalog
files:
- name: tls.crt
path: "{{ generated_certs_dir }}/apiserver.crt"
- name: tls.key
path: "{{ generated_certs_dir }}/apiserver.key"
- name: Create service-catalog-ssl secret
oc_secret:
state: present
name: service-catalog-ssl
namespace: kube-service-catalog
files:
- name: tls.crt
path: "{{ generated_certs_dir }}/apiserver.crt"
- slurp:
src: "{{ generated_certs_dir }}/ca.crt"
register: apiserver_ca
- name: Create api service
oc_obj:
state: present
name: v1beta1.servicecatalog.k8s.io
kind: apiservices.apiregistration.k8s.io
namespace: "kube-service-catalog"
content:
path: /tmp/apisvcout
data:
apiVersion: apiregistration.k8s.io/v1beta1
kind: APIService
metadata:
name: v1beta1.servicecatalog.k8s.io
spec:
group: servicecatalog.k8s.io
version: v1beta1
service:
namespace: "kube-service-catalog"
name: apiserver
caBundle: "{{ apiserver_ca.content }}"
groupPriorityMinimum: 20
versionPriority: 10
|