templates

package
v3.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 1, 2024 License: Apache-2.0 Imports: 2 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// K8sCertsRenewService defines the template of k8s-certs-renew service for systemd.
	K8sCertsRenewService = template.Must(template.New("k8s-certs-renew.service").Parse(
		dedent.Dedent(`[Unit]
Description=Renew K8S control plane certificates
[Service]
Type=oneshot
ExecStart=/usr/local/bin/kube-scripts/k8s-certs-renew.sh
    `)))

	// K8sCertsRenewTimer defines the template of k8s-certs-renew timer for systemd.
	K8sCertsRenewTimer = template.Must(template.New("k8s-certs-renew.timer").Parse(
		dedent.Dedent(`[Unit]
Description=Timer to renew K8S control plane certificates
[Timer]
OnCalendar=Mon *-*-* 03:00:00
Unit=k8s-certs-renew.service
[Install]
WantedBy=multi-user.target
    `)))
)
View Source
var K8sCertsRenewScript = template.Must(template.New("k8s-certs-renew.sh").Parse(
	dedent.Dedent(`#!/bin/bash
{{- if .IsKubeadmAlphaCerts }}
kubeadmCerts='/usr/local/bin/kubeadm alpha certs'
{{- else}}
kubeadmCerts='/usr/local/bin/kubeadm certs'
{{- end }}
getCertValidDays() {
  local earliestExpireDate; earliestExpireDate=$(${kubeadmCerts} check-expiration | grep -o "[A-Za-z]\{3,4\}\s\w\w,\s[0-9]\{4,\}\s\w*:\w*\s\w*\s*" | xargs -I {} date -d {} +%s | sort | head -n 1)
  local today; today="$(date +%s)"
  echo -n $(( ($earliestExpireDate - $today) / (24 * 60 * 60) ))
}
echo "## Expiration before renewal ##"
${kubeadmCerts} check-expiration
if [ $(getCertValidDays) -lt 30 ]; then
  echo "## Renewing certificates managed by kubeadm ##"
  ${kubeadmCerts} renew all
  echo "## Restarting control plane pods managed by kubeadm ##"
{{- if .IsDocker}}
  $(which docker | grep docker) ps -af 'name=k8s_POD_(kube-apiserver|kube-controller-manager|kube-scheduler|etcd)-*' -q | /usr/bin/xargs $(which docker | grep docker) rm -f
{{- else}}
  $(which crictl | grep crictl) pods --namespace kube-system --name 'kube-scheduler-*|kube-controller-manager-*|kube-apiserver-*|etcd-*' -q | /usr/bin/xargs $(which crictl | grep crictl) rmp -f
{{- end }}
  echo "## Updating /root/.kube/config ##"
  cp /etc/kubernetes/admin.conf /root/.kube/config
fi
echo "## Waiting for apiserver to be up again ##"
until printf "" 2>>/dev/null >>/dev/tcp/127.0.0.1/6443; do sleep 1; done
echo "## Expiration after renewal ##"
${kubeadmCerts} check-expiration
    `)))

K8sCertsRenewScript defines the template of k8s-certs-renew timer for systemd.

Functions

This section is empty.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL