Refine PKI renewal during K8s upgrades

Steve Starkerequested to merge
sstrk/slim-k8s-upgrade-pki into devel

Version Control Information

Source branch: sstrk/slim-k8s-upgrade-pki
Target branch: devel

Commits:

* Refine PKI renewal during K8s upgrades

Before triggering the actual Kubernetes upgrade, the certificates,
kubeconfigs et al. are verified and renewed on all Kubernetes nodes if
necessary. This step can now be explicitly triggered or skipped via the
renew-pki tag. This can save some time if an upgrade has to be aborted
and restarted.
Renewal depends on the helpers/vault-approle role which tasks therefore
are tagged with always to keep things simple.

Description

Feel free to add further information about your MR in this section

Closes: #

Merge Prerequisites

  • MR title (and description) are descriptive
  • Code is readable and syntactically correct
  • Code is understandable
  • Documentation has been updated, if necessary
  • Commit messages look good
  • Release note file in RST format added in latest commit

As a developer: please do not tick these boxes yourself. As a reviewer: please get yourself a hot cold beverage.

Merge request reports