ansible-role-kubernetes-ca
ansible-role-kubernetes-ca copied to clipboard
githubixx
Generates certificate authority and certificates needed for Kubernetes
This PR adds support for single-stack IPv6 by exposing a `k8s_address_family` variable which can be either `ipv6` or `ipv4`. This allows Ansible to properly parse the IPv6 address and ensure...
According to https://kubernetes.io/docs/setup/best-practices/certificates/#all-certificates the `kube-apiserver-kubelet-client` needs to have the organization defined as `system:masters`. With the previous identifier (Kubernetes) there were some permission problems, specifically the ability to fetch pod logs....
I tried to scrape the metrics of kube-controller-manager with the following scrape config - the **kube-controller-manager-cert-prometheus** Secret contains the CA of the K8s API Server, the Certificate of kube-controller-manager and...
Fixes #14 Added the SANs of Kubernetes API hosts to the kube-controller-manager Cert. This fixes an issue with scraping the metrics of kube-controller-manager service. I am open for input if...
CA certificate has expiration time earlier than the certificate signed by him. ``` root@ansible:/home/ansible/k8s/certs# openssl x509 -in ca-etcd.pem -startdate -enddate -noout notBefore=Apr 21 09:58:00 2025 GMT notAfter=Apr 20 09:58:00 2030...
