From 6ea4a7872d646e6def8c3a38c9e2182b7a23225a Mon Sep 17 00:00:00 2001
From: ArchiFleKs
Date: Tue, 18 Apr 2017 16:20:47 +0200
Subject: [PATCH] [k8s-fedora-atomic] fix multimaster cluster
Same fix as CoreOS for Fedora which enable multimaster with TLS and ETCD Load balancer.
Closes-Bug: #1679724
Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e
---
 .../common/templates/kubernetes/fragments/make-cert.sh | 5 +++++
 .../kubernetes/fragments/write-heat-params-master.yaml | 1 +
 .../k8s_fedora_atomic_v1/templates/kubecluster.yaml | 3 ++-
 .../drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml | 7 +++++++
 .../k8s_fedora_ironic_v1/templates/kubecluster.yaml | 3 ++-
 .../drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml | 7 +++++++
 6 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
index 30e9011652..d5769dbc2a 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
 if [[ -n "${MASTER_HOSTNAME}" ]]; then
 sans="${sans},DNS:${MASTER_HOSTNAME}"
 fi
+
+if [[ -n "${ETCD_LB_VIP}" ]]; then
+ sans="${sans},IP:${ETCD_LB_VIP}"
+fi
+
 sans="${sans},IP:127.0.0.1"
 KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
index 8f14d5655f..548a41f5ba 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
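Review bot: The new `ETCD_LB_VIP` test in make-cert.sh reads the variable without the empty-default guard that the hunk header shows for its neighbour, `MASTER_HOSTNAME=${MASTER_HOSTNAME:-}`. If the script runs with nounset enabled (not visible in this hunk) and is used with a heat-params file that does not define the variable, certificate generation would abort; adding `ETCD_LB_VIP=${ETCD_LB_VIP:-}` before the test keeps the two paths consistent. The value is also appended to the SAN list as-is, so a stray comma or a `DNS:` prefix in it would add further subject alternative names to the certificate; it comes from a Heat attribute in this patch, but a comment such as `# ETCD_LB_VIP must be a single bare IP address` would record that assumption. The script continues outside the hunk.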
@@ -45,3 +45,4 @@ write_files:
 INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
 SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
 SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
+ ETCD_LB_VIP="$ETCD_LB_VIP"
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index de225ed539..e74f16bd95 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -349,7 +349,7 @@ resources:
 properties:
 fixed_subnet: {get_attr: [network, fixed_subnet]}
 external_network: {get_param: external_network}
- protocol: HTTP
+ protocol: {get_param: loadbalancing_protocol}
 port: 2379
 ######################################################################
@@ -485,6 +485,7 @@ resources:
 trust_id: {get_param: trust_id}
 auth_url: {get_param: auth_url}
 insecure_registry_url: {get_param: insecure_registry_url}
+ etcd_lb_vip: {get_attr: [etcd_lb, address]}
 ######################################################################
 #
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index 4a84e98ffe..5b49884361 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -221,6 +221,12 @@ parameters:
 type: string
 description: insecure registry url
+ etcd_lb_vip:
+ type: string
+ description: >
+ etcd lb vip private used to generate certs on master.
+ default: ""
+
 resources:
 master_wait_handle:
@@ -300,6 +306,7 @@ resources:
 "$TRUSTEE_PASSWORD": {get_param: trustee_password}
 "$TRUST_ID": {get_param: trust_id}
 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
+ "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
 make_cert:
 type: OS::Heat::SoftwareConfig
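Review bot: The etcd listener on port 2379 in k8s_fedora_atomic_v1/templates/kubecluster.yaml now takes its protocol from `loadbalancing_protocol`, a parameter whose definition, default and allowed values lie outside this hunk, and the line carries no comment saying why. If that parameter can still resolve to `HTTP`, for instance on clusters created without TLS, etcd client traffic keeps crossing the load balancer in cleartext; and if it is the same parameter that drives the API load balancer, the two listeners cannot be set independently. A comment above the line would record the intent, e.g. `# must follow the cluster TLS setting: the LB has to pass etcd's TLS through, not parse it as HTTP`. The same applies to the identical hunk in k8s_fedora_ironic_v1/templates/kubecluster.yaml.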
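Review bot: The description of the new `etcd_lb_vip` parameter in k8s_fedora_atomic_v1/templates/kubemaster.yaml, `etcd lb vip private used to generate certs on master.`, does not say that the value becomes an IP subject alternative name in the certificate generated on the master, nor what the empty default means. Since make-cert.sh in this patch skips the SAN when the variable is empty, a clearer text would be `Private VIP of the etcd load balancer, added as an IP SAN to the certificate generated on the master; empty adds no SAN.` The parameter is a free-form `string`, so a value that is not a single IP address would only be caught, if at all, when the certificate is generated. The same wording appears in k8s_fedora_ironic_v1/templates/kubemaster.yaml.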
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
index ff89196c30..943e529890 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
@@ -334,7 +334,7 @@ resources:
 properties:
 fixed_subnet: {get_param: fixed_subnet}
 external_network: {get_param: external_network}
- protocol: HTTP
+ protocol: {get_param: loadbalancing_protocol}
 port: 2379
 ######################################################################
@@ -473,6 +473,7 @@ resources:
 auth_url: {get_param: auth_url}
 insecure_registry_url: {get_param: insecure_registry_url}
 wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
+ etcd_lb_vip: {get_attr: [etcd_lb, address]}
 ######################################################################
 #
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
index 9b273a19d6..3ca775bca0 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
@@ -221,6 +221,12 @@ parameters:
 description : >
 Wait condition notify command for Master.
+ etcd_lb_vip:
+ type: string
+ description: >
+ etcd lb vip private used to generate certs on master.
+ default: ""
+
 resources:
 ######################################################################
@@ -288,6 +294,7 @@ resources:
 "$TRUST_ID": {get_param: trust_id}
 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
 "$ENABLE_CINDER": "False"
+ "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
 make_cert:
 type: OS::Heat::SoftwareConfig