fix

Author: adskyiproger

infrastructure/server-setup/k8s.yml

@@ -63,8 +63,7 @@
   hosts: master
   vars:
     new_sans:
-      - 10.1.1.1
-      - 91.99.202.110
+      - 5.78.158.131
   tasks:
     - name: 
       include_tasks: tasks/user-kubeconfig.yml

infrastructure/server-setup/tasks/user-kubeconfig.yml

@@ -3,7 +3,7 @@
   command: >
     kubectl -n kube-system get configmap kubeadm-config -o jsonpath='{.data.ClusterConfiguration}'
   environment:
-    KUBECONFIG: /home/provision/.kube/config
+    KUBECONFIG: /etc/kubernetes/admin.conf
   register: clusterconfig_raw
 
 - name: Save kubeadm config to file
@@ -36,3 +36,26 @@
   loop:
     - crt
     - key
+
+- name: Generate new apiserver certificate with updated SANs
+  command: kubeadm init phase certs apiserver --config /root/kubeadm-config.yaml
+  environment:
+    KUBECONFIG: /etc/kubernetes/admin.conf
+
+- name: Delete kube-apiserver pods to restart with new certs
+  command: kubectl -n kube-system delete pod -l component=kube-apiserver
+  register: kubectl_result
+  failed_when: kubectl_result.rc != 0 and "NotFound" not in kubectl_result.stderr
+
+- name: Show result of restart
+  debug:
+    var: kubectl_result.stdout
+
+- name: Remove existing kube config if it exists
+  shell: sudo rm -f /home/provision/.kube/config
+
+- name: Copy admin.conf to provision user's kube config
+  shell: sudo cp -i /etc/kubernetes/admin.conf /home/provision/.kube/config
+
+- name: Change ownership of kube config to provision user
+  shell: sudo chown provision:provision /home/provision/.kube/config