[k8s] Fix CA rotate

Using admin.conf as the kubeconfig to get correct permissions to run kubectl command to update pods to use the new CA certs. Besides, now we need to create client certs on master nodes as well. Story:2008858 Task: 42379 Change-Id: I4996060dd18ef3c448d4b225caec53bf0ae0ba75
2021-04-27 19:19:35 +12:00 · 2021-04-27 19:19:35 +12:00 · cdbe26c452
parent 12766eaff8
commit cdbe26c452
2 changed files with 2 additions and 0 deletions
--- a/magnum/drivers/common/templates/kubernetes/fragments/rotate-kubernetes-ca-certs-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/rotate-kubernetes-ca-certs-master.sh
@ -7,6 +7,7 @@ set -x
 set -eu -o pipefail

 ssh_cmd="ssh -F /srv/magnum/.ssh/config root@localhost"
+export KUBECONFIG="/etc/kubernetes/admin.conf"

 service_account_key=$kube_service_account_key_input
 service_account_private_key=$kube_service_account_private_key_input
--- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
@ -1067,6 +1067,7 @@ resources:
            - "#!/bin/bash"
            - get_file: ../../common/templates/kubernetes/fragments/upgrade-kubernetes.sh
            - get_file: ../../common/templates/kubernetes/fragments/make-cert.sh
+            - get_file: ../../common/templates/kubernetes/fragments/make-cert-client.sh
            - get_file: ../../common/templates/kubernetes/fragments/rotate-kubernetes-ca-certs-master.sh

  upgrade_kubernetes_deployment: