summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArchiFleKs <kevin.lefevre@osones.io>2017-04-18 16:20:47 +0200
committeryatin <ykarel@redhat.com>2017-07-26 13:39:41 +0000
commit0d980622b02c2280a6caffa64e21387e98c11872 (patch)
treeca62a7856918d03d2de46ceceb10b4201359df7c
parent34f3011913a4480d935fa7d8755ef1947ad5010c (diff)
[k8s-fedora-atomic] fix multimaster cluster
Same fix as CoreOS for Fedora which enable multimaster with TLS and ETCD Load balancer. Closes-Bug: #1679724 Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e (cherry picked from commit 6ea4a7872d646e6def8c3a38c9e2182b7a23225a)
Notes
Notes (review): Code-Review+2: Spyros Trigazis (strigazi) <strigazi@gmail.com> Workflow+1: Spyros Trigazis (strigazi) <strigazi@gmail.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 27 Jul 2017 08:09:27 +0000 Reviewed-on: https://review.openstack.org/487425 Project: openstack/magnum Branch: refs/heads/stable/ocata
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh5
-rw-r--r--magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml1
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml3
-rw-r--r--magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml7
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml3
-rw-r--r--magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml7
6 files changed, 24 insertions, 2 deletions
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
index 3415b9a..ab375d0 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert.sh
@@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
44if [[ -n "${MASTER_HOSTNAME}" ]]; then 44if [[ -n "${MASTER_HOSTNAME}" ]]; then
45 sans="${sans},DNS:${MASTER_HOSTNAME}" 45 sans="${sans},DNS:${MASTER_HOSTNAME}"
46fi 46fi
47
48if [[ -n "${ETCD_LB_VIP}" ]]; then
49 sans="${sans},IP:${ETCD_LB_VIP}"
50fi
51
47sans="${sans},IP:127.0.0.1" 52sans="${sans},IP:127.0.0.1"
48 53
49KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}') 54KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
index 9fba497..5f0bb5c 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
+++ b/magnum/drivers/common/templates/kubernetes/fragments/write-heat-params-master.yaml
@@ -42,3 +42,4 @@ write_files:
42 INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL" 42 INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
43 SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY" 43 SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
44 SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT" 44 SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
45 ETCD_LB_VIP="$ETCD_LB_VIP"
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
index 0053284..2836490 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml
@@ -326,7 +326,7 @@ resources:
326 properties: 326 properties:
327 fixed_subnet: {get_attr: [network, fixed_subnet]} 327 fixed_subnet: {get_attr: [network, fixed_subnet]}
328 external_network: {get_param: external_network} 328 external_network: {get_param: external_network}
329 protocol: HTTP 329 protocol: {get_param: loadbalancing_protocol}
330 port: 2379 330 port: 2379
331 331
332 ###################################################################### 332 ######################################################################
@@ -458,6 +458,7 @@ resources:
458 trust_id: {get_param: trust_id} 458 trust_id: {get_param: trust_id}
459 auth_url: {get_param: auth_url} 459 auth_url: {get_param: auth_url}
460 insecure_registry_url: {get_param: insecure_registry_url} 460 insecure_registry_url: {get_param: insecure_registry_url}
461 etcd_lb_vip: {get_attr: [etcd_lb, address]}
461 462
462 ###################################################################### 463 ######################################################################
463 # 464 #
diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
index ac60e04..d587d01 100644
--- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml
@@ -202,6 +202,12 @@ parameters:
202 type: string 202 type: string
203 description: insecure registry url 203 description: insecure registry url
204 204
205 etcd_lb_vip:
206 type: string
207 description: >
208 etcd lb vip private used to generate certs on master.
209 default: ""
210
205resources: 211resources:
206 212
207 master_wait_handle: 213 master_wait_handle:
@@ -278,6 +284,7 @@ resources:
278 "$TRUSTEE_PASSWORD": {get_param: trustee_password} 284 "$TRUSTEE_PASSWORD": {get_param: trustee_password}
279 "$TRUST_ID": {get_param: trust_id} 285 "$TRUST_ID": {get_param: trust_id}
280 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url} 286 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
287 "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
281 288
282 make_cert: 289 make_cert:
283 type: OS::Heat::SoftwareConfig 290 type: OS::Heat::SoftwareConfig
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
index 7b1e64d..50e853d 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubecluster.yaml
@@ -311,7 +311,7 @@ resources:
311 properties: 311 properties:
312 fixed_subnet: {get_param: fixed_subnet} 312 fixed_subnet: {get_param: fixed_subnet}
313 external_network: {get_param: external_network} 313 external_network: {get_param: external_network}
314 protocol: HTTP 314 protocol: {get_param: loadbalancing_protocol}
315 port: 2379 315 port: 2379
316 316
317 ###################################################################### 317 ######################################################################
@@ -446,6 +446,7 @@ resources:
446 auth_url: {get_param: auth_url} 446 auth_url: {get_param: auth_url}
447 insecure_registry_url: {get_param: insecure_registry_url} 447 insecure_registry_url: {get_param: insecure_registry_url}
448 wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]} 448 wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
449 etcd_lb_vip: {get_attr: [etcd_lb, address]}
449 450
450 ###################################################################### 451 ######################################################################
451 # 452 #
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
index d6e6435..8cc1d4b 100644
--- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
+++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubemaster.yaml
@@ -202,6 +202,12 @@ parameters:
202 description : > 202 description : >
203 Wait condition notify command for Master. 203 Wait condition notify command for Master.
204 204
205 etcd_lb_vip:
206 type: string
207 description: >
208 etcd lb vip private used to generate certs on master.
209 default: ""
210
205resources: 211resources:
206 212
207 ###################################################################### 213 ######################################################################
@@ -266,6 +272,7 @@ resources:
266 "$TRUST_ID": {get_param: trust_id} 272 "$TRUST_ID": {get_param: trust_id}
267 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url} 273 "$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
268 "$ENABLE_CINDER": "False" 274 "$ENABLE_CINDER": "False"
275 "$ETCD_LB_VIP": {get_param: etcd_lb_vip}
269 276
270 make_cert: 277 make_cert:
271 type: OS::Heat::SoftwareConfig 278 type: OS::Heat::SoftwareConfig