The highest tagged major version is
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( // K8sCertsRenewService defines the template of k8s-certs-renew service for systemd. K8sCertsRenewService = template.Must(template.New("k8s-certs-renew.service").Parse( dedent.Dedent(`[Unit] Description=Renew K8S control plane certificates [Service] Type=oneshot ExecStart=/usr/local/bin/kube-scripts/k8s-certs-renew.sh `))) // K8sCertsRenewTimer defines the template of k8s-certs-renew timer for systemd. K8sCertsRenewTimer = template.Must(template.New("k8s-certs-renew.timer").Parse( dedent.Dedent(`[Unit] Description=Timer to renew K8S control plane certificates [Timer] OnCalendar=Mon *-*-* 03:00:00 Unit=k8s-certs-renew.service [Install] WantedBy=multi-user.target `))) )
View Source
var K8sCertsRenewScript = template.Must(template.New("k8s-certs-renew.sh").Parse( dedent.Dedent(`#!/bin/bash {{- if .IsKubeadmAlphaCerts }} kubeadmCerts='/usr/local/bin/kubeadm alpha certs' {{- else}} kubeadmCerts='/usr/local/bin/kubeadm certs' {{- end }} getCertValidDays() { local earliestExpireDate; earliestExpireDate=$(${kubeadmCerts} check-expiration | grep -o "[A-Za-z]\{3,4\}\s\w\w,\s[0-9]\{4,\}\s\w*:\w*\s\w*\s*" | xargs -I {} date -d {} +%s | sort | head -n 1) local today; today="$(date +%s)" echo -n $(( ($earliestExpireDate - $today) / (24 * 60 * 60) )) } echo "## Expiration before renewal ##" ${kubeadmCerts} check-expiration if [ $(getCertValidDays) -lt 30 ]; then echo "## Renewing certificates managed by kubeadm ##" ${kubeadmCerts} renew all echo "## Restarting control plane pods managed by kubeadm ##" {{- if .IsDocker}} $(which docker | grep docker) ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs $(which docker | grep docker) rm -f {{- else}} $(which crictl | grep crictl) pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs $(which crictl | grep crictl) rmp -f {{- end }} echo "## Updating /root/.kube/config ##" cp /etc/kubernetes/admin.conf /root/.kube/config fi echo "## Waiting for apiserver to be up again ##" until printf "" 2>>/dev/null >>/dev/tcp/127.0.0.1/6443; do sleep 1; done echo "## Expiration after renewal ##" ${kubeadmCerts} check-expiration `)))
K8sCertsRenewScript defines the template of k8s-certs-renew timer for systemd.
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.