feature: adding pub key generation and upload to KV as task after kubeconfig

e379c473 · entlein · b47fd82b · e379c473 · e379c473
Commit e379c473 authored 3 years ago by entlein
--- a/roles/rke2/tasks/main.yml
+++ b/roles/rke2/tasks/main.yml
@@ -19,6 +19,9 @@
 - include_tasks: kubeconfig.yml
  when: state != 'absent' and 'master' in group_names
+- include_tasks: privkey.yml
+  when: state != 'absent' and 'master' in group_names
 - name: uninstall rke2
  command: rke2-uninstall.sh
  when: rke2_installed.stat.exists and state == 'absent'
--- a/roles/rke2/tasks/privkey.yml
+++ b/roles/rke2/tasks/privkey.yml
+- name: wait for private key to exist
+  wait_for:
+    path: /var/lib/rancher/rke2/server/tls/service.key
+- name: generate public key from private key for jwks 
+  shell: |
+    openssl rsa -in /var/lib/rancher/rke2/server/tls/service.key -pubout -out /var/lib/rancher/rke2/server/tls/service.pub
+- name: fetch public key from master
+  ansible.builtin.fetch:
+    src: /var/lib/rancher/rke2/server/tls/service.pub
+    dest: service.pub
+    flat: yes