Don't generate static tokens for nodes and control planes
Nodes to api-server rely by default on certificates and bootstrap
tokens, and there should be no need to generate tokens for every node,
even when enabling static token auth.
VannTen committed Sep 23, 2024
1 parent 03a055c commit baf0a33
Showing 8 changed files with 1 addition and 168 deletions.
2 changes: 0 additions & 2 deletions docs/ansible/ansible.md
Expand Up @@ -174,8 +174,6 @@ The following tags are defined in playbooks:
| init | Windows kubernetes init nodes |
| iptables | Flush and clear iptable when resetting |
| k8s-pre-upgrade | Upgrading K8s cluster |
| k8s-secrets | Configuring K8s certs/keys |
| k8s-gen-tokens | Configuring K8s tokens |
| kata-containers | Configuring kata-containers runtime |
| krew | Install and manage krew |
| kubeadm | Roles linked to kubeadm tasks |
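Review bot: the `k8s-secrets` row is dropped from the tag table together with `k8s-gen-tokens`, while the commit message only mentions tokens. Please confirm that no task outside the files touched here still carries `k8s-secrets`, otherwise the tag keeps working but becomes undocumented; a line in the commit message saying the tag is retired would also help.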
2 changes: 1 addition & 1 deletion docs/operations/upgrades.md
Expand Up @@ -392,7 +392,7 @@ ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=etcd --limi
Upgrade kubelet:

```ShellSession
ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=node --skip-tags=k8s-gen-certs,k8s-gen-tokens
ansible-playbook -b -i inventory/sample/hosts.ini cluster.yml --tags=node --skip-tags=k8s-gen-certs
```

Upgrade Kubernetes master components:
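Review bot: the updated kubelet upgrade command still passes `--skip-tags=k8s-gen-certs`, and that tag is not among the tag rows visible in the docs/ansible/ansible.md hunk of this commit. Ansible accepts a skip tag that matches no task without complaint, so please check that `k8s-gen-certs` is still attached to a task; if it is not, drop the `--skip-tags` argument from this example as well.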
4 changes: 0 additions & 4 deletions roles/kubernetes/control-plane/meta/main.yml
@@ -1,10 +1,6 @@
---
dependencies:
- role: kubernetes/kubeadm_common
- role: kubernetes/tokens
when: kube_token_auth
tags:
- k8s-secrets
- role: adduser
user: "{{ addusers.etcd }}"
when:
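Review bot: with the `kubernetes/tokens` dependency and its `when: kube_token_auth` condition gone, nothing in this commit removes the token files that earlier runs already generated for nodes and control planes (the change is 1 addition and 168 deletions, with no cleanup task). Static tokens do not expire, so if the api-server on an upgraded cluster still reads the old token file, those credentials stay valid. Consider a cleanup task or an upgrade note telling operators to delete them, and document what setting `kube_token_auth` is now expected to provide.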
2 changes: 0 additions & 2 deletions roles/kubernetes/preinstall/tasks/0050-create_directories.yml
Expand Up @@ -9,7 +9,6 @@
become: true
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- bootstrap-os
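Review bot: removing `k8s-secrets` from the tag list of this directory task (and of the task in the hunk at line 34) changes behaviour for anyone who runs the playbook with `--tags=k8s-secrets`: the run will match no task here instead of creating the directories, and Ansible does not fail on that. A short release note naming the retired tags `k8s-secrets` and `k8s-gen-tokens` would let operators fix their automation before they hit it.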
Expand All @@ -34,7 +33,6 @@
become: true
tags:
- kubelet
- k8s-secrets
- kube-controller-manager
- kube-apiserver
- bootstrap-os
34 changes: 0 additions & 34 deletions roles/kubernetes/tokens/files/kube-gen-token.sh

This file was deleted.

41 changes: 0 additions & 41 deletions roles/kubernetes/tokens/tasks/check-tokens.yml

This file was deleted.

63 changes: 0 additions & 63 deletions roles/kubernetes/tokens/tasks/gen_tokens.yml

This file was deleted.

21 changes: 0 additions & 21 deletions roles/kubernetes/tokens/tasks/main.yml

This file was deleted.
