Apply a runtime manifest to update apiserver certSANs
When the bootstrap manifest is applied the system adds any OAM IP addresses to the apiserver's certificate SAN list. This is used for remote kubectl access. However when the OAM IP address is changed, these IP values are not updated. Without the correct values in apiserver cert remote access will fail. This change makes sysinv to apply the kubernetes certsans runtime puppet manifest during OAM IP change process to update apiserver's cert SANs list with the new IPs. Change-Id: I48eaf4bc3128c0c63591b77ceae69c7db0ea88ab Depends-On: https://review.opendev.org/#/c/751891/ Closes-Bug: 1878451 Signed-off-by: Andy Ning <andy.ning@windriver.com>
This commit is contained in:
parent
24bfa0f79e
commit
5c5a6d4acb
|
@ -6110,6 +6110,16 @@ class ConductorManager(service.PeriodicService):
|
|||
def update_oam_config(self, context):
|
||||
"""Update the OAM network configuration"""
|
||||
|
||||
# update kube-apiserver cert's SANs at runtime
|
||||
personalities = [constants.CONTROLLER]
|
||||
config_uuid = self._config_update_hosts(context, personalities)
|
||||
config_dict = {
|
||||
"personalities": personalities,
|
||||
"classes": ['platform::kubernetes::certsans::runtime']
|
||||
}
|
||||
self._config_apply_runtime_manifest(context, config_uuid, config_dict)
|
||||
|
||||
# there is still pending reboot required config to apply
|
||||
self._config_update_hosts(context, [constants.CONTROLLER], reboot=True)
|
||||
|
||||
extoam = self.dbapi.iextoam_get_one()
|
||||
|
|
Loading…
Reference in New Issue