f61fef6771
In the current release, cert-api-manager runs on kubecluster.yaml [1],
but in the kubemaster.yaml [2] the script [3] expects the existance of
the ca.key file (if the cert_api_manager_enabled=true), otherwise it gets blocked.
This file (ca.key), in turn, it's created only when enable-cert-api-manager.sh runs [4]
So, we have a dead lock...
So we need to change the call enable-cert-api-manager.sh into the kubemaster.yaml
[1] https://github.com/openstack/magnum/blob/master/magnum/drivers/k8s_fedora_atomic_v1/templates/kubecluster.yaml#L1158-L1161
[2] https://github.com/openstack/magnum/blob/master/magnum/drivers/k8s_fedora_atomic_v1/templates/kubemaster.yaml#L760
[3] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-services-master.sh#L12-L16
[4] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-cert-api-manager.sh#L11
On other issue, the chown of this file (ca.key) it's not working. Moving the
call of this file into kubemaster.yaml makes cluster creation FAILS because of
an error [7] in [5]. If we check a cluster created in stein [6] we notice that
the file is owned by root:root. Knowing this we can comment [5] for now.
[5] https://github.com/openstack/magnum/blob/master/magnum/drivers/common/templates/kubernetes/fragments/enable-cert-api-manager.sh#L13
[6] http://paste.openstack.org/show/788534/
[7] http://paste.openstack.org/show/788537/
Change-Id: Ibee2df435c3f7c34bff74e9146fb28d8367124b1
Signed-off-by: Diogo Guerra <diogo.filipe.tomas.guerra@cern.ch>
(cherry picked from commit
|
||
---|---|---|
.. | ||
templates | ||
tools | ||
__init__.py | ||
driver.py | ||
template_def.py | ||
version.py |