Initial implementation of cron role for kubeadm cert renewal
Hi @mmeyer
I had a look at your new cron role. Here is my code review:
- You are running the renewal script with the Jupyter user. I dont thik that this user has the required privileges to perform a certificate renewal. We should run this as root.
- I would suggest to rename the script to 'renew_kubeadm_certs.sh' as this fits better into the naming scheme we used so far in RWTHjupyter.
- Please try to place the script into
/user/local/bin
as this would be a more appropriate location rather than the home dir. - As we are here specifically renewing Kubernetes control plane certificates, I would move the role within
roles/kubernetes/renew-kubeadm-certs/
- The certificate renewal only applies to master nodes. The cronjob should therefore only deployed to these hosts.
Edited by Marcus Meyer