Fix CoreOS multi master with LB cluster creation
Clusters that use ETCD, like swarm and K8s, failed with LB and TLS enabled because the ETCD LB protocol is HTTP but SSL termination is on the ETCD node. The ETCD LB protocol should be the same as K8s with TLS enabled. Partial-Bug: #1679724 Change-Id: Ie8c8a7e4609c0e2e63095d4c18af84cc653654e1
parent
ff18982505
commit
ecfe6ac183
|
@ -29,29 +29,13 @@ write_files:
|
||||||
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ETCD_SERVER_IP=${ETCD_SERVER_IP:-127.0.0.1}
|
|
||||||
|
|
||||||
PROTOCOL=https
|
|
||||||
|
|
||||||
if [ "$TLS_DISABLED" = "True" ]; then
|
|
||||||
PROTOCOL=http
|
|
||||||
fi
|
|
||||||
|
|
||||||
ENV_FILE=/etc/flannel/options.env
|
ENV_FILE=/etc/flannel/options.env
|
||||||
mkdir -p $(dirname $ENV_FILE)
|
mkdir -p $(dirname $ENV_FILE)
|
||||||
cat > $ENV_FILE <<EOF
|
cat > $ENV_FILE <<EOF
|
||||||
FLANNELD_IFACE=${KUBE_NODE_IP}
|
FLANNELD_IFACE=${KUBE_NODE_IP}
|
||||||
FLANNELD_ETCD_ENDPOINTS=${PROTOCOL}://${ETCD_SERVER_IP}:2379
|
FLANNELD_ETCD_ENDPOINTS=http://127.0.0.1:2379
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
if [ "$TLS_DISABLED" = "False" ]; then
|
|
||||||
cat >> $ENV_FILE <<EOF
|
|
||||||
FLANNELD_ETCD_CAFILE=${KUBE_CERTS_PATH}/ca.pem
|
|
||||||
FLANNELD_ETCD_CERTFILE=${KUBE_CERTS_PATH}/apiserver.pem
|
|
||||||
FLANNELD_ETCD_KEYFILE=${KUBE_CERTS_PATH}/apiserver-key.pem
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
DROP_IN_FILE=/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf
|
DROP_IN_FILE=/etc/systemd/system/flanneld.service.d/40-ExecStartPre-symlink.conf
|
||||||
mkdir -p $(dirname $DROP_IN_FILE)
|
mkdir -p $(dirname $DROP_IN_FILE)
|
||||||
cat > $DROP_IN_FILE <<EOF
|
cat > $DROP_IN_FILE <<EOF
|
||||||
|
|
|
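Review bot: The new `FLANNELD_ETCD_ENDPOINTS=http://127.0.0.1:2379` hard-codes a plaintext, unauthenticated etcd endpoint even when `TLS_DISABLED` is `False`, and the block that wrote `FLANNELD_ETCD_CAFILE`, `FLANNELD_ETCD_CERTFILE` and `FLANNELD_ETCD_KEYFILE` is dropped with it. This only works if etcd on each master keeps a loopback client listener that does not require a client certificate, which nothing in this hunk shows. If that is the design, any local process on the master can read and write the flannel network config over that listener, so the etcd unit should be checked to bind the plaintext URL to 127.0.0.1 only. I would record the assumption above the heredoc, e.g. `# flanneld talks to the local etcd member over loopback; TLS is enforced only on the node-IP/LB listener`. The script continues past the end of the hunk.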
@ -67,6 +67,10 @@ write_files:
|
||||||
|
|
||||||
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
sans="${sans},IP:${KUBE_SERVICE_IP}"
|
||||||
|
|
||||||
|
if [[ -n "${ETCD_LB_VIP}" ]]; then
|
||||||
|
sans="${sans},IP:${ETCD_LB_VIP}"
|
||||||
|
fi
|
||||||
|
|
||||||
cert_conf_dir=${KUBE_CERTS_PATH}/conf
|
cert_conf_dir=${KUBE_CERTS_PATH}/conf
|
||||||
|
|
||||||
mkdir -p ${cert_conf_dir}
|
mkdir -p ${cert_conf_dir}
|
||||||
|
|
|
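Review bot: The added `if [[ -n "${ETCD_LB_VIP}" ]]` block has no comment saying why an etcd address belongs in this SAN list, which also carries `KUBE_SERVICE_IP`. Per the commit message TLS terminates on the etcd node behind the load balancer, so clients dialing the VIP validate the node's certificate against that address; a one-line comment would capture it: `# etcd clients connect through the LB VIP and TLS terminates on this node, so the VIP must be a SAN`. It also looks as if one certificate and key serve both the API server and etcd here, which is worth confirming and stating, since it widens what a single key authenticates. The script around these lines starts and ends outside the hunk.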
@ -11,7 +11,6 @@ write_files:
|
||||||
KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP"
|
KUBE_NODE_PUBLIC_IP="$KUBE_NODE_PUBLIC_IP"
|
||||||
KUBE_NODE_IP="$KUBE_NODE_IP"
|
KUBE_NODE_IP="$KUBE_NODE_IP"
|
||||||
KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
|
KUBE_ALLOW_PRIV="$KUBE_ALLOW_PRIV"
|
||||||
ETCD_SERVER_IP="$ETCD_SERVER_IP"
|
|
||||||
DOCKER_VOLUME="$DOCKER_VOLUME"
|
DOCKER_VOLUME="$DOCKER_VOLUME"
|
||||||
DOCKER_STORAGE_DRIVER="$DOCKER_STORAGE_DRIVER"
|
DOCKER_STORAGE_DRIVER="$DOCKER_STORAGE_DRIVER"
|
||||||
NETWORK_DRIVER="$NETWORK_DRIVER"
|
NETWORK_DRIVER="$NETWORK_DRIVER"
|
||||||
|
@ -44,3 +43,4 @@ write_files:
|
||||||
HOST_CERTS_PATH="$HOST_CERTS_PATH"
|
HOST_CERTS_PATH="$HOST_CERTS_PATH"
|
||||||
HYPERKUBE_IMAGE_REPO="$HYPERKUBE_IMAGE_REPO"
|
HYPERKUBE_IMAGE_REPO="$HYPERKUBE_IMAGE_REPO"
|
||||||
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
|
CONTAINER_RUNTIME="$CONTAINER_RUNTIME"
|
||||||
|
ETCD_LB_VIP="$ETCD_LB_VIP"
|
||||||
|
|
|
@ -296,7 +296,7 @@ resources:
|
||||||
properties:
|
properties:
|
||||||
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
fixed_subnet: {get_attr: [network, fixed_subnet]}
|
||||||
external_network: {get_param: external_network}
|
external_network: {get_param: external_network}
|
||||||
protocol: HTTP
|
protocol: {get_param: loadbalancing_protocol}
|
||||||
port: 2379
|
port: 2379
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
|
@ -423,6 +423,7 @@ resources:
|
||||||
container_runtime: {get_param: container_runtime}
|
container_runtime: {get_param: container_runtime}
|
||||||
prometheus_monitoring: {get_param: prometheus_monitoring}
|
prometheus_monitoring: {get_param: prometheus_monitoring}
|
||||||
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
grafana_admin_passwd: {get_param: grafana_admin_passwd}
|
||||||
|
etcd_lb_vip: {get_attr: [etcd_lb, address]}
|
||||||
|
|
||||||
######################################################################
|
######################################################################
|
||||||
#
|
#
|
||||||
|
|
|
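Review bot: The etcd listener on port 2379 now takes `protocol: {get_param: loadbalancing_protocol}`, but the template does not say which value etcd needs or why it shares a parameter with the API listener. Because TLS is terminated on the etcd members, the balancer has to pass bytes through when TLS is on; a comment on that line such as `# must be a pass-through protocol when TLS is enabled: etcd terminates TLS itself` would stop a later edit from putting an HTTP listener back. The same resource also receives `external_network`. If that attaches a floating IP, the HTTP case with TLS disabled would expose unauthenticated etcd beyond the cluster network, so it is worth confirming that this balancer stays private. The resource definition begins outside the hunk.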
@ -194,6 +194,12 @@ parameters:
|
||||||
description: >
|
description: >
|
||||||
Container runtime to use with Kubernetes.
|
Container runtime to use with Kubernetes.
|
||||||
|
|
||||||
|
etcd_lb_vip:
|
||||||
|
type: string
|
||||||
|
description: >
|
||||||
|
etcd lb vip private used to generate certs on master.
|
||||||
|
default: ""
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
|
|
||||||
master_wait_handle:
|
master_wait_handle:
|
||||||
|
@ -239,7 +245,6 @@ resources:
|
||||||
"$KUBE_NODE_PUBLIC_IP": {get_attr: [kube_master_floating, floating_ip_address]}
|
"$KUBE_NODE_PUBLIC_IP": {get_attr: [kube_master_floating, floating_ip_address]}
|
||||||
"$KUBE_NODE_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
"$KUBE_NODE_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
||||||
"$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
|
"$KUBE_ALLOW_PRIV": {get_param: kube_allow_priv}
|
||||||
"$ETCD_SERVER_IP": {get_attr: [kube_master_eth0, fixed_ips, 0, ip_address]}
|
|
||||||
"$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
|
"$FLANNEL_NETWORK_CIDR": {get_param: flannel_network_cidr}
|
||||||
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
|
"$FLANNEL_NETWORK_SUBNETLEN": {get_param: flannel_network_subnetlen}
|
||||||
"$FLANNEL_BACKEND": {get_param: flannel_backend}
|
"$FLANNEL_BACKEND": {get_param: flannel_backend}
|
||||||
|
@ -273,6 +278,7 @@ resources:
|
||||||
hyperkube_image: { get_param: hyperkube_image }
|
hyperkube_image: { get_param: hyperkube_image }
|
||||||
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
|
||||||
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
"$CONTAINER_RUNTIME": {get_param: container_runtime}
|
||||||
|
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
|
||||||
|
|
||||||
configure_etcd:
|
configure_etcd:
|
||||||
type: OS::Heat::SoftwareConfig
|
type: OS::Heat::SoftwareConfig
|
||||||
|
|
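Review bot: The description of the new `etcd_lb_vip` parameter, `etcd lb vip private used to generate certs on master.`, is hard to parse and does not say what an empty value means. Something like `Private VIP of the etcd load balancer; added to the SANs of the certificate generated on the master. Empty when no etcd load balancer exists.` would match how `"$ETCD_LB_VIP"` is consumed by the `-n` test in the certificate script. The `default: ""` is what lets that test skip the SAN, so it deserves a mention in the description rather than being left implicit.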