[k8s-fedora-atomic] fix multimaster cluster
Same fix as CoreOS for Fedora which enable multimaster with
TLS and ETCD Load balancer.
Closes-Bug: #1679724
Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e
(cherry picked from commit 6ea4a7872d
)
This commit is contained in:
parent
34f3011913
commit
0d980622b0
|
@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
|
||||||
if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
||||||
sans="${sans},DNS:${MASTER_HOSTNAME}"
|
sans="${sans},DNS:${MASTER_HOSTNAME}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "${ETCD_LB_VIP}" ]]; then
|
||||||
|
sans="${sans},IP:${ETCD_LB_VIP}"
|
||||||
|
fi
|
||||||
|
|
||||||
sans="${sans},IP:127.0.0.1"
|
sans="${sans},IP:127.0.0.1"
|
||||||
|
|
||||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||||
|
|
|
@ -42,3 +42,4 @@ write_files:
|
||||||
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
||||||
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
||||||
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
||||||
|
ETCD_LB_VIP="$ETCD_LB_VIP"
|
||||||
|
|
|
@ -326,7 +326,7 @@ resources:
|
||||||
properties:
|
properties:
|
||||||
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
external_network: {get_param: external_network}
|
external_network: {get_param: external_network}
|
||||||
protocol: HTTP
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
port: 2379
|
port: 2379
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -458,6 +458,7 @@ resources:
|
||||||
trust_id: {get_param: trust_id}
|
trust_id: {get_param: trust_id}
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
|
|
@ -202,6 +202,12 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: insecure registry url
|
description: insecure registry url
|
||||||
|
|
||||||
|
etcd_lb_vip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
etcd lb vip private used to generate certs on master.
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
master_wait_handle:
|
master_wait_handle:
|
||||||
|
@ -278,6 +284,7 @@ resources:
|
||||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
|
||||||
make_cert:
|
make_cert:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|
|
@ -311,7 +311,7 @@ resources:
|
||||||
properties:
|
properties:
|
||||||
fixed_subnet: {get_param: fixed_subnet}
|
fixed_subnet: {get_param: fixed_subnet}
|
||||||
external_network: {get_param: external_network}
|
external_network: {get_param: external_network}
|
||||||
protocol: HTTP
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
port: 2379
|
port: 2379
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -446,6 +446,7 @@ resources:
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
||||||
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
|
|
@ -202,6 +202,12 @@ parameters:
|
||||||
description : >
|
description : >
|
||||||
Wait condition notify command for Master.
|
Wait condition notify command for Master.
|
||||||
|
|
||||||
|
etcd_lb_vip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
etcd lb vip private used to generate certs on master.
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -266,6 +272,7 @@ resources:
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
"$ENABLE_CINDER": "False"
|
"$ENABLE_CINDER": "False"
|
||||||
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
|
||||||
make_cert:
|
make_cert:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|
Loading…
Reference in New Issue