Add OAM IP records to API server certSANs

Add the OAM IP records to the apiserver_cert_sans. This will allow for remote access to the kubernetes API server. Change-Id: I344f59fa0b5a24633f1341e2c2fd54748d88c0af Closes-Bug: 1863798 Signed-off-by: David Sullivan <david.sullivan@windriver.com>
2020-03-01 21:16:04 -05:00 · 2020-03-01 21:16:04 -05:00 · 208df05af5
parent 44e1df23ba
commit 208df05af5
2 changed files with 10 additions and 1 deletions
--- a/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/tasks/bringup_kubemaster.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/bringup-essential-services/tasks/bringup_kubemaster.yml
@ -106,7 +106,7 @@

 - name: Set apiserver SAN list
  set_fact:
-    apiserver_cert_list: "{{ [ cluster_floating_address, loopback_ip ] + apiserver_cert_sans }}"
+    apiserver_cert_list: "{{ [ cluster_floating_address, loopback_ip ] + apiserver_cert_sans + OAM_addresses}}"

 - name: Update Kube admin yaml with network info
  command: "{{ item }}"
--- a/playbookconfig/src/playbooks/roles/bootstrap/validate-config/tasks/main.yml
+++ b/playbookconfig/src/playbooks/roles/bootstrap/validate-config/tasks/main.yml
@ -331,6 +331,15 @@
  - include: validate_address_range.yml
    with_dict: "{{ address_pairs }}"

+  - name: Set OAM address list
+    set_fact:
+      OAM_addresses: "{{ [external_oam_floating_address] }}"
+
+  - name: Update OAM address list for duplex
+    set_fact:
+      OAM_addresses: "{{ OAM_addresses + [ address_pairs['oam_node']['start'], address_pairs['oam_node']['end'] ] }}"
+    when: system_mode != 'simplex'
+
  - name: Set floating addresses based on subnets or start addresses
    set_fact:
      # Not sure why ipaddr('address') and ipsubnet filter did not extract