etcd: enable v2 api only if needed (#8001)

* etcd: enable v2 api only if needed Only enable v2 API if we have a consumer (flannel) This reduce the exposed surface for etcd. * Fix bad group name
3 years ago · c0e1211abe
1 changed files with 2 additions and 1 deletions
--- a/roles/etcd/templates/etcd.env.j2
+++ b/roles/etcd/templates/etcd.env.j2
@ -32,8 +32,9 @@ ETCD_MAX_SNAPSHOTS={{ etcd_max_snapshots }}
 {% if etcd_max_wals is defined %}
 ETCD_MAX_WALS={{ etcd_max_wals }}
 {% endif %}
-# Flannel need etcd v2 API
+{% if hostvars[groups['k8s_cluster'][0]]['kube_network_plugin'] == 'flannel' %}
 ETCD_ENABLE_V2=true
+{% endif %}

 # TLS settings
 ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem