Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6e6004a73f
Branches Tags
okd
/
roles
/
openshift_service_catalog
/
tasks
/
generate_certs.yml

generate_certs.yml 2.5 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. ---
    2. 

  2. - name: Create service catalog cert directory
    3. 

  3.   file:
    4. 

  4.     path: "{{ openshift.common.config_base }}/service-catalog"
    5. 

  5.     state: directory
    6. 

  6.     mode: 0755
    7. 

  7.   changed_when: False
    8. 

  8.   check_mode: no
    9. 

  9. 

  10. - set_fact:
    11. 

  11.     generated_certs_dir: "{{ openshift.common.config_base }}/service-catalog"
    12. 

  12. 

  13. - name: Generate signing cert
    14. 

  14.   command: >
    15. 

  15.     {{ openshift.common.client_binary }} adm --config=/etc/origin/master/admin.kubeconfig ca create-signer-cert
    16. 

  16.     --key={{ generated_certs_dir }}/ca.key --cert={{ generated_certs_dir }}/ca.crt
    17. 

  17.     --serial={{ generated_certs_dir }}/apiserver.serial.txt --name=service-catalog-signer
    18. 

  18. 

  19. - name: Generating server keys
    20. 

  20.   oc_adm_ca_server_cert:
    21. 

  21.     cert: "{{ generated_certs_dir }}/apiserver.crt"
    22. 

  22.     key: "{{ generated_certs_dir }}/apiserver.key"
    23. 

  23.     hostnames: "apiserver.kube-service-catalog.svc,apiserver.kube-service-catalog.svc.cluster.local,apiserver.kube-service-catalog"
    24. 

  24.     signer_cert: "{{ generated_certs_dir }}/ca.crt"
    25. 

  25.     signer_key: "{{ generated_certs_dir }}/ca.key"
    26. 

  26.     signer_serial: "{{ generated_certs_dir }}/apiserver.serial.txt"
    27. 

  27. 

  28. - name: Create apiserver-ssl secret
    29. 

  29.   oc_secret:
    30. 

  30.     state: present
    31. 

  31.     name: apiserver-ssl
    32. 

  32.     namespace: kube-service-catalog
    33. 

  33.     files:
    34. 

  34.     - name: tls.crt
    35. 

  35.       path: "{{ generated_certs_dir }}/apiserver.crt"
    36. 

  36.     - name: tls.key
    37. 

  37.       path: "{{ generated_certs_dir }}/apiserver.key"
    38. 

  38. 

  39. - name: Create service-catalog-ssl secret
    40. 

  40.   oc_secret:
    41. 

  41.     state: present
    42. 

  42.     name: service-catalog-ssl
    43. 

  43.     namespace: kube-service-catalog
    44. 

  44.     files:
    45. 

  45.     - name: tls.crt
    46. 

  46.       path: "{{ generated_certs_dir }}/apiserver.crt"
    47. 

  47. 

  48. - slurp:
    49. 

  49.     src: "{{ generated_certs_dir }}/ca.crt"
    50. 

  50.   register: apiserver_ca
    51. 

  51. 

  52. - shell: >
    53. 

  53.     oc get apiservices.apiregistration.k8s.io/v1beta1.servicecatalog.k8s.io -n kube-service-catalog || echo "not found"
    54. 

  54.   register: get_apiservices
    55. 

  55.   changed_when: no
    56. 

  56. 

  57. - name: Create api service
    58. 

  58.   oc_obj:
    59. 

  59.     state: present
    60. 

  60.     name: v1beta1.servicecatalog.k8s.io
    61. 

  61.     kind: apiservices.apiregistration.k8s.io
    62. 

  62.     namespace: "kube-service-catalog"
    63. 

  63.     content:
    64. 

  64.       path: /tmp/apisvcout
    65. 

  65.       data:
    66. 

  66.         apiVersion: apiregistration.k8s.io/v1beta1
    67. 

  67.         kind: APIService
    68. 

  68.         metadata:
    69. 

  69.           name: v1beta1.servicecatalog.k8s.io
    70. 

  70.         spec:
    71. 

  71.           group: servicecatalog.k8s.io
    72. 

  72.           version: v1beta1
    73. 

  73.           service:
    74. 

  74.             namespace: "kube-service-catalog"
    75. 

  75.             name: apiserver
    76. 

  76.           caBundle: "{{ apiserver_ca.content }}"
    77. 

  77.           groupPriorityMinimum: 20
    78. 

  78.           versionPriority: 10
    79. 

  79.   when: "'not found' in get_apiservices.stdout"
    80.