[k8s-fedora-atomic] fix multimaster cluster

Same fix as CoreOS for Fedora which enable multimaster with
TLS and ETCD Load balancer.

Closes-Bug: #1679724
Change-Id: I45b62a20f0a89ebd1494ad61021384fc7a416e8e
(cherry picked from commit 6ea4a7872d)
This commit is contained in:
ArchiFleKs 2017-04-18 16:20:47 +02:00 committed by yatin
parent 34f3011913
commit 0d980622b0
6 changed files with 24 additions and 2 deletions

View File

@ -44,6 +44,11 @@ MASTER_HOSTNAME=${MASTER_HOSTNAME:-}
if [[ -n "${MASTER_HOSTNAME}" ]]; then
sans="${sans},DNS:${MASTER_HOSTNAME}"
fi
if [[ -n "${ETCD_LB_VIP}" ]]; then
sans="${sans},IP:${ETCD_LB_VIP}"
fi
sans="${sans},IP:127.0.0.1"
KUBE_SERVICE_IP=$(echo $PORTAL_NETWORK_CIDR | awk 'BEGIN{FS="[./]"; OFS="."}{print $1,$2,$3,$4 + 1}')

View File

@ -42,3 +42,4 @@ write_files:
INSECURE_REGISTRY_URL="$INSECURE_REGISTRY_URL"
SYSTEM_PODS_INITIAL_DELAY="$SYSTEM_PODS_INITIAL_DELAY"
SYSTEM_PODS_TIMEOUT="$SYSTEM_PODS_TIMEOUT"
ETCD_LB_VIP="$ETCD_LB_VIP"

View File

@ -326,7 +326,7 @@ resources:
properties:
fixed_subnet: {get_attr: [network, fixed_subnet]}
external_network: {get_param: external_network}
protocol: HTTP
protocol: {get_param: loadbalancing_protocol}
port: 2379
######################################################################
@ -458,6 +458,7 @@ resources:
trust_id: {get_param: trust_id}
auth_url: {get_param: auth_url}
insecure_registry_url: {get_param: insecure_registry_url}
etcd_lb_vip: {get_attr: [etcd_lb, address]}
######################################################################
#

View File

@ -202,6 +202,12 @@ parameters:
type: string
description: insecure registry url
etcd_lb_vip:
type: string
description: >
etcd lb vip private used to generate certs on master.
default: ""
resources:
master_wait_handle:
@ -278,6 +284,7 @@ resources:
"$TRUSTEE_PASSWORD": {get_param: trustee_password}
"$TRUST_ID": {get_param: trust_id}
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
make_cert:
type: OS::Heat::SoftwareConfig

View File

@ -311,7 +311,7 @@ resources:
properties:
fixed_subnet: {get_param: fixed_subnet}
external_network: {get_param: external_network}
protocol: HTTP
protocol: {get_param: loadbalancing_protocol}
port: 2379
######################################################################
@ -446,6 +446,7 @@ resources:
auth_url: {get_param: auth_url}
insecure_registry_url: {get_param: insecure_registry_url}
wc_curl_cli: {get_attr: [master_wait_handle, curl_cli]}
etcd_lb_vip: {get_attr: [etcd_lb, address]}
######################################################################
#

View File

@ -202,6 +202,12 @@ parameters:
description : >
Wait condition notify command for Master.
etcd_lb_vip:
type: string
description: >
etcd lb vip private used to generate certs on master.
default: ""
resources:
######################################################################
@ -266,6 +272,7 @@ resources:
"$TRUST_ID": {get_param: trust_id}
"$INSECURE_REGISTRY_URL": {get_param: insecure_registry_url}
"$ENABLE_CINDER": "False"
"$ETCD_LB_VIP": {get_param: etcd_lb_vip}
make_cert:
type: OS::Heat::SoftwareConfig