Accept server certificate on start

It happens that on clean instance, when Kubelet is started, the
host certificate change and the bootstrap procedure would fail,
because of missing certificate acceptation.
Accept certificates in "Pending" state to avoid errors.

Signed-off-by: Daniel Pawlik <[email protected]>

Author: danpawlik

ansible/roles/deploy-crc-cloud/tasks/accept_cert.yaml

@@ -0,0 +1,11 @@
+---
+- name: Get csr in Pending state
+  ansible.builtin.shell: |
+    oc get csr --no-headers | awk '/Pending/ {print $1}'
+  register: _pending_csr
+
+- name: Accept OpenShift certificate if in Pending state
+  when: _pending_csr.stdout_lines | length > 0
+  ansible.builtin.shell: |
+    oc adm certificate approve {{ item }}
+  loop: "{{ _pending_csr.stdout_lines }}"

ansible/roles/deploy-crc-cloud/tasks/main.yaml

@@ -16,6 +16,9 @@
 - name: Replace default pubkey
   ansible.builtin.include_tasks: pubkey.yaml
 
+- name: Accept certificate
+  ansible.builtin.include_tasks: accept_cert.yaml
+
 - name: Wait for cluster become healthy
   vars:
     wait_components: "etcd|openshift-apiserver"