[k8s-fedora-atomic] fix multimaster cluster
Same fix as CoreOS for Fedora which enable multimaster with TLS and ETCD Load balancer. Closes-Bug: #1679724 Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e
This commit is contained in:
parent
3a1f41f9f4
commit
6ea4a7872d
|
@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
|
||||||
if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
if [[ -n "${MASTER_HOSTNAME}" ]]; then
|
||||||
sans="${sans},DNS:${MASTER_HOSTNAME}"
|
sans="${sans},DNS:${MASTER_HOSTNAME}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ -n "${ETCD_LB_VIP}" ]]; then
|
||||||
|
sans="${sans},IP:${ETCD_LB_VIP}"
|
||||||
|
fi
|
||||||
|
|
||||||
sans="${sans},IP:127.0.0.1"
|
sans="${sans},IP:127.0.0.1"
|
||||||
|
|
||||||
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
|
||||||
|
|
|
@ -45,3 +45,4 @@ write_files:
|
||||||
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
|
||||||
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
|
||||||
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
|
||||||
|
ETCD_LB_VIP="$ETCD_LB_VIP"
|
||||||
|
|
|
@ -349,7 +349,7 @@ resources:
|
||||||
properties:
|
properties:
|
||||||
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
external_network: {get_param: external_network}
|
external_network: {get_param: external_network}
|
||||||
protocol: HTTP
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
port: 2379
|
port: 2379
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -485,6 +485,7 @@ resources:
|
||||||
trust_id: {get_param: trust_id}
|
trust_id: {get_param: trust_id}
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
|
|
@ -221,6 +221,12 @@ parameters:
|
||||||
type: string
|
type: string
|
||||||
description: insecure registry url
|
description: insecure registry url
|
||||||
|
|
||||||
|
etcd_lb_vip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
etcd lb vip private used to generate certs on master.
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
master_wait_handle:
|
master_wait_handle:
|
||||||
|
@ -300,6 +306,7 @@ resources:
|
||||||
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
|
||||||
make_cert:
|
make_cert:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|
|
@ -334,7 +334,7 @@ resources:
|
||||||
properties:
|
properties:
|
||||||
fixed_subnet: {get_param: fixed_subnet}
|
fixed_subnet: {get_param: fixed_subnet}
|
||||||
external_network: {get_param: external_network}
|
external_network: {get_param: external_network}
|
||||||
protocol: HTTP
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
port: 2379
|
port: 2379
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -473,6 +473,7 @@ resources:
|
||||||
auth_url: {get_param: auth_url}
|
auth_url: {get_param: auth_url}
|
||||||
insecure_registry_url: {get_param: insecure_registry_url}
|
insecure_registry_url: {get_param: insecure_registry_url}
|
||||||
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
|
||||||
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
|
|
@ -221,6 +221,12 @@ parameters:
|
||||||
description : >
|
description : >
|
||||||
Wait condition notify command for Master.
|
Wait condition notify command for Master.
|
||||||
|
|
||||||
|
etcd_lb_vip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
etcd lb vip private used to generate certs on master.
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -288,6 +294,7 @@ resources:
|
||||||
"$TRUST_ID": {get_param: trust_id}
|
"$TRUST_ID": {get_param: trust_id}
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
"$ENABLE_CINDER": "False"
|
"$ENABLE_CINDER": "False"
|
||||||
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
|
||||||
make_cert:
|
make_cert:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|
Loading…
Reference in New Issue