From e379c473f2f1cdbaa2eef1d03a76cd8d1a9f75b4 Mon Sep 17 00:00:00 2001
From: entlein <einentlein@gmail.com>
Date: Mon, 4 Apr 2022 13:52:06 +0200
Subject: [PATCH] feature: adding pub key generation and upload to KV as task
 after kubeconfig

---
 roles/rke2/tasks/main.yml    |  3 +++
 roles/rke2/tasks/privkey.yml | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 roles/rke2/tasks/privkey.yml

diff --git a/roles/rke2/tasks/main.yml b/roles/rke2/tasks/main.yml
index 7422502..7b5f566 100644
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -19,6 +19,9 @@
 - include_tasks: kubeconfig.yml
   when: state != 'absent' and 'master' in group_names
 
+- include_tasks: privkey.yml
+  when: state != 'absent' and 'master' in group_names
+
 - name: uninstall rke2
   command: rke2-uninstall.sh
   when: rke2_installed.stat.exists and state == 'absent'
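Review bot: The new include at `- include_tasks: privkey.yml` is named for a private key, but the file it pulls in only derives and fetches the public half of service.key and never transfers the private key, so the name invites a reader (or auditor) to assume a private key is leaving the host. A more accurate name such as `service_pubkey.yml`, or at least a comment above the include like `# derive the service-account public key from service.key and fetch it for JWKS publishing`, would make the intent clear. Note also that the `when` matches every host in `master`, so the included tasks run once per master node.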
diff --git a/roles/rke2/tasks/privkey.yml b/roles/rke2/tasks/privkey.yml
new file mode 100644
index 0000000..a7ea03b
--- /dev/null
+++ b/roles/rke2/tasks/privkey.yml
@@ -0,0 +1,17 @@
+
+- name: wait for private key to exist
+  wait_for:
+    path: /var/lib/rancher/rke2/server/tls/service.key
+
+- name: generate public key from private key for jwks 
+  shell: |
+    openssl rsa -in /var/lib/rancher/rke2/server/tls/service.key -pubout -out /var/lib/rancher/rke2/server/tls/service.pub
+  
+
+- name: fetch public key from master
+  ansible.builtin.fetch:
+    src: /var/lib/rancher/rke2/server/tls/service.pub
+    dest: service.pub
+    flat: yes
+
+
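Review bot: The `generate public key` task uses `shell:` for a single command with no shell syntax and is not idempotent — every run re-reads the private key, rewrites service.pub and reports changed, which also makes the play's change status meaningless; `command:` with `args: creates:` fixes both, and `openssl pkey -pubout` would cover a non-RSA key if that is ever a concern (service.key is presumably RSA today). The fetch writes one control-node file with `flat: yes`, so with several hosts in `master` each fetch overwrites the previous one; that is only harmless if all masters share the same service.key (expected for an rke2 HA cluster, but worth confirming), otherwise both tasks should carry `run_once: true`. The commit title mentions uploading the key to a KV store, but no such task is in this hunk — if it lives elsewhere, a short comment naming the consumer (e.g. `# consumed by the JWKS upload in ...`) would help. Minor: `flat: yes` should be `flat: true`, and the task name line and the blank line after the block scalar carry trailing whitespace.
```yaml
- name: generate public key from private key for jwks
  command: >-
    openssl rsa -in /var/lib/rancher/rke2/server/tls/service.key
    -pubout -out /var/lib/rancher/rke2/server/tls/service.pub
  args:
    creates: /var/lib/rancher/rke2/server/tls/service.pub

# … unchanged: fetch public key from master …
```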
-- 
GitLab