Browse Source

[k8s-fedora-atomic] fix multimaster cluster

Same fix as CoreOS for Fedora which enable multimaster with
TLS and ETCD Load balancer.

Closes-Bug: #1679724
Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e
(cherry picked from commit 6ea4a7872d)
tags/4.1.4
ArchiFleKs 2 years ago
parent
commit
0d980622b0

+ 5
- 0
magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh View File

@@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
44 44
 if [[ -n "${MASTER_HOSTNAME}" ]]; then
45 45
     sans="${sans},DNS:${MASTER_HOSTNAME}"
46 46
 fi
47
+
48
+if [[ -n "${ETCD_LB_VIP}" ]]; then
49
+    sans="${sans},IP:${ETCD_LB_VIP}"
50
+fi
51
+
47 52
 sans="${sans},IP:127.0.0.1"
48 53
 
49 54
 KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')

+ 1
- 0
magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml View File

@@ -42,3 +42,4 @@ write_files:
42 42
       INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
43 43
       SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
44 44
       SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
45
+      ETCD_LB_VIP="$ETCD_LB_VIP"

+ 2
- 1
magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml View File

@@ -326,7 +326,7 @@ resources:
326 326
     properties:
327 327
       fixed_subnet: {get_attr: [network, fixed_subnet]}
328 328
       external_network: {get_param: external_network}
329
-      protocol: HTTP
329
+      protocol: {get_param: loadbalancing_protocol}
330 330
       port: 2379
331 331
 
332 332
   ######################################################################
@@ -458,6 +458,7 @@ resources:
458 458
           trust_id: {get_param: trust_id}
459 459
           auth_url: {get_param: auth_url}
460 460
           insecure_registry_url: {get_param: insecure_registry_url}
461
+          etcd_lb_vip: {get_attr: [etcd_lb, address]}
461 462
 
462 463
   ######################################################################
463 464
   #

+ 7
- 0
magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml View File

@@ -202,6 +202,12 @@ parameters:
202 202
     type: string
203 203
     description: insecure registry url
204 204
 
205
+  etcd_lb_vip:
206
+    type: string
207
+    description: >
208
+      etcd lb vip private used to generate certs on master.
209
+    default: ""
210
+
205 211
 resources:
206 212
 
207 213
   master_wait_handle:
@@ -278,6 +284,7 @@ resources:
278 284
             "$TRUSTEE_PASSWORD": {get_param: trustee_password}
279 285
             "$TRUST_ID": {get_param: trust_id}
280 286
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
287
+            "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
281 288
 
282 289
   make_cert:
283 290
     type: OS::Heat::SoftwareConfig

+ 2
- 1
magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml View File

@@ -311,7 +311,7 @@ resources:
311 311
     properties:
312 312
       fixed_subnet: {get_param: fixed_subnet}
313 313
       external_network: {get_param: external_network}
314
-      protocol: HTTP
314
+      protocol: {get_param: loadbalancing_protocol}
315 315
       port: 2379
316 316
 
317 317
   ######################################################################
@@ -446,6 +446,7 @@ resources:
446 446
           auth_url: {get_param: auth_url}
447 447
           insecure_registry_url: {get_param: insecure_registry_url}
448 448
           wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
449
+          etcd_lb_vip: {get_attr: [etcd_lb, address]}
449 450
 
450 451
   ######################################################################
451 452
   #

+ 7
- 0
magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml View File

@@ -202,6 +202,12 @@ parameters:
202 202
     description : >
203 203
       Wait condition notify command for Master.
204 204
 
205
+  etcd_lb_vip:
206
+    type: string
207
+    description: >
208
+      etcd lb vip private used to generate certs on master.
209
+    default: ""
210
+
205 211
 resources:
206 212
 
207 213
   ######################################################################
@@ -266,6 +272,7 @@ resources:
266 272
             "$TRUST_ID": {get_param: trust_id}
267 273
             "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
268 274
             "$ENABLE_CINDER": "False"
275
+            "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
269 276
 
270 277
   make_cert:
271 278
     type: OS::Heat::SoftwareConfig

Loading…
Cancel
Save