
Use node cert for etcd tasks instead of delegating to first etcd (#2386)

For etcdctl commands, use the admin cert instead of the node cert because the node cert
doesn't exist on etcd-only hosts.
pull/2387/head
Matthew Mosesohn 7 years ago
committed by GitHub
parent
commit
bc0fc5df98
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 13 deletions
  1. 4
      roles/network_plugin/calico/rr/tasks/main.yml
  2. 15
      roles/network_plugin/calico/tasks/main.yml
  3. 4
      roles/network_plugin/canal/tasks/main.yml

4
roles/network_plugin/calico/rr/tasks/main.yml

@ -50,8 +50,8 @@
command: |-
{{ bin_dir }}/etcdctl \
--peers={{ etcd_access_addresses }} \
--cert-file {{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}.pem \
--key-file {{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}-key.pem \
--cert-file {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem \
--key-file {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem \
set /calico/bgp/v1/rr_v4/{{ rr_ip }} \
'{
"ip": "{{ rr_ip }}",

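Review bot: The new `--cert-file`/`--key-file` lines reference `admin-{{ groups['etcd'][0] }}.pem`, the first etcd node's admin key pair, rather than `admin-{{ inventory_hostname }}.pem`; that only works if every host that now runs this task (the task header and any `delegate_to` are above the hunk) holds a copy of that one node's admin key, and the calico/tasks hunks in this same commit switched to `inventory_hostname`, so the naming should be checked for consistency — the canal hunk's `ETCDCTL_CERT_FILE`/`ETCDCTL_KEY_FILE` lines carry the same reference. Distributing one node's admin key to other hosts also widens that key's exposure, so if it is required, state why above the command with a comment such as `# admin cert is used because node certs are not generated for etcd-only hosts`. Separately, no `--ca-file` appears in the hunk; if `etcd_access_addresses` are https endpoints and `ETCDCTL_CA_FILE` is not exported elsewhere, presumably etcdctl cannot verify the server certificate against `{{ etcd_cert_dir }}/ca.pem`, in which case `--ca-file {{ etcd_cert_dir }}/ca.pem \` belongs in the command.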
15
roles/network_plugin/calico/tasks/main.yml

@ -83,26 +83,24 @@
uri:
url: https://localhost:2379/health
validate_certs: no
client_cert: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}.pem"
client_key: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}-key.pem"
client_cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
client_key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
register: result
until: result.status == 200 or result.status == 401
retries: 10
delay: 5
delegate_to: "{{groups['etcd'][0]}}"
run_once: true
- name: Calico | Check if calico network pool has already been configured
command: |-
curl \
--cacert {{ etcd_cert_dir }}/ca.pem \
--cert {{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem \
--key {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem \
--cert {{ etcd_cert_dir}}/node-{{ inventory_hostname }}.pem \
--key {{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
register: calico_conf
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{groups['etcd'][0]}}"
run_once: true
changed_when: false
@ -125,13 +123,12 @@
command: |-
curl \
--cacert {{ etcd_cert_dir }}/ca.pem \
--cert {{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem \
--key {{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem \
--cert {{ etcd_cert_dir}}/node-{{ inventory_hostname }}.pem \
--key {{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem \
https://localhost:2379/v2/keys/calico/v1/ipam/v4/pool
register: calico_pools_raw
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
delegate_to: "{{groups['etcd'][0]}}"
run_once: true
- set_fact:
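Review bot: The health check at `url: https://localhost:2379/health` keeps `validate_certs: no` while the new `client_cert`/`client_key` lines present the host's own node certificate, so the client authenticates but the etcd server is never verified; the curl tasks in the same hunk do verify with `--cacert {{ etcd_cert_dir }}/ca.pem`, and the uri task should match where the module supports it, or at minimum use the canonical boolean `validate_certs: false`, since `no` is only a boolean under YAML 1.1. Because this commit stops delegating to `groups['etcd'][0]`, every host running these tasks now needs etcd (or a local proxy) listening on `localhost:2379` and a `node-{{ inventory_hostname }}` cert; if the play also targets hosts without either, the check only fails after the 10 x 5s retry loop, so that assumption deserves a comment such as `# runs on each host against its local etcd endpoint; requires node-<hostname> cert`. The rendering prints each `delegate_to`/`run_once` line once, so I cannot tell which of them survive on the new side; the second hunk at `@ -125,13 +123,12 @@` carries the same set of changes. The `until` condition also treats `401` as healthy, which predates this change but is worth a one-line comment explaining why an unauthorized response counts as reachable.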

4
roles/network_plugin/canal/tasks/main.yml

@ -35,8 +35,8 @@
changed_when: false
run_once: true
environment:
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ groups['etcd'][0] }}-key.pem"
ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
- name: Canal | Create canal node manifests
template:
