[k8s-fedora-atomic] fix multimaster cluster
Same fix as CoreOS for Fedora which enable multimaster with
TLS and ETCD Load balancer.
Closes-Bug: #1679724
Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e
(cherry picked from commit 6ea4a7872d
)
This commit is contained in:
parent
34f3011913
commit
0d980622b0
|
@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
|
|||
if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
||||
sans="${sans},DNS:${MASTER_HOSTNAME}"
|
||||
fi
|
||||
|
||||
if [[ -n "${ETCD_LB_VIP}" ]]; then
|
||||
sans="${sans},IP:${ETCD_LB_VIP}"
|
||||
fi
|
||||
|
||||
sans="${sans},IP:127.0.0.1"
|
||||
|
||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||
|
|
|
@ -42,3 +42,4 @@ write_files:
|
|||
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
||||
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
||||
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
||||
ETCD_LB_VIP="$ETCD_LB_VIP"
|
||||
|
|
|
@ -326,7 +326,7 @@ resources:
|
|||
properties:
|
||||
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||
external_network: {get_param: external_network}
|
||||
protocol: HTTP
|
||||
protocol: {get_param: loadbalancing_protocol}
|
||||
port: 2379
|
||||
|
||||
######################################################################
|
||||
|
@ -458,6 +458,7 @@ resources:
|
|||
trust_id: {get_param: trust_id}
|
||||
auth_url: {get_param: auth_url}
|
||||
insecure_registry_url: {get_param: insecure_registry_url}
|
||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
|
@ -202,6 +202,12 @@ parameters:
|
|||
type: string
|
||||
description: insecure registry url
|
||||
|
||||
etcd_lb_vip:
|
||||
type: string
|
||||
description: >
|
||||
etcd lb vip private used to generate certs on master.
|
||||
default: ""
|
||||
|
||||
resources:
|
||||
|
||||
master_wait_handle:
|
||||
|
@ -278,6 +284,7 @@ resources:
|
|||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||
"$TRUST_ID": {get_param: trust_id}
|
||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
|
|
|
@ -311,7 +311,7 @@ resources:
|
|||
properties:
|
||||
fixed_subnet: {get_param: fixed_subnet}
|
||||
external_network: {get_param: external_network}
|
||||
protocol: HTTP
|
||||
protocol: {get_param: loadbalancing_protocol}
|
||||
port: 2379
|
||||
|
||||
######################################################################
|
||||
|
@ -446,6 +446,7 @@ resources:
|
|||
auth_url: {get_param: auth_url}
|
||||
insecure_registry_url: {get_param: insecure_registry_url}
|
||||
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
||||
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
|
@ -202,6 +202,12 @@ parameters:
|
|||
description : >
|
||||
Wait condition notify command for Master.
|
||||
|
||||
etcd_lb_vip:
|
||||
type: string
|
||||
description: >
|
||||
etcd lb vip private used to generate certs on master.
|
||||
default: ""
|
||||
|
||||
resources:
|
||||
|
||||
######################################################################
|
||||
|
@ -266,6 +272,7 @@ resources:
|
|||
"$TRUST_ID": {get_param: trust_id}
|
||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||
"$ENABLE_CINDER": "False"
|
||||
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||
|
||||
make_cert:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
|
|
Loading…
Reference in New Issue