Skip to content
This repository has been archived by the owner on Feb 5, 2020. It is now read-only.

Fix external etcd with TLS #2969

Closed
wants to merge 6 commits into from
Closed

Fix external etcd with TLS #2969

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
852577d
modules/openstack/nodes/ignition: Remove deprecated sshd option
Jan 29, 2018
abf8cd5
modules/ignition/resources/dropins/40-etcd-cluster.conf: Fix run args
Feb 16, 2018
0b6f991
modules/bootkube/resources/bootkube.sh: Fix SHE check
Feb 16, 2018
d72aeae
modules/bootkube/resources/bootkube.sh: Fix etcd TLS
Feb 16, 2018
d6a0b23
platforms/openstack/neutron/main.tf: Disable metadata provider
Feb 16, 2018
45b7c61
platforms/openstack/neutron/main.tf: Use DNS names for etcd endpoints
Feb 16, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion modules/bootkube/resources/bootkube.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ rm -rf /etc/kubernetes/manifests
mkdir -p /etc/kubernetes/manifests/

# Move optional self hosted etcd manifests into bootkube friendly locations
if [ -d /opt/tectonic/etcd ]; then
if [ -d /opt/tectonic/etcd/bootstrap-manifests ]; then
mv /opt/tectonic/etcd/manifests/* /opt/tectonic/manifests/
rm -r /opt/tectonic/etcd/manifests
mv /opt/tectonic/etcd/bootstrap-manifests/* /opt/tectonic/bootstrap-manifests/
Expand All @@ -25,6 +25,11 @@ if [ -d /opt/tectonic/net-manifests ]; then
rm -r /opt/tectonic/net-manifests
fi

mkdir -p /etc/kubernetes/bootstrap-secrets
cp /opt/tectonic/tls/etcd-* /etc/kubernetes/bootstrap-secrets
mkdir -p /etc/kubernetes/secrets
cp /opt/tectonic/tls/etcd-* /etc/kubernetes/secrets

# shellcheck disable=SC2154
/usr/bin/docker run \
--volume "$(pwd)":/assets \
Expand Down
3 changes: 2 additions & 1 deletion modules/ignition/resources/dropins/40-etcd-cluster.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,8 @@ ${metadata_deps}
Environment="ETCD_IMAGE=${container_image}"
${metadata_env}
Environment="RKT_RUN_ARGS=--volume etcd-ssl,kind=host,source=/etc/ssl/etcd \
--mount volume=etcd-ssl,target=/etc/ssl/etcd"
--mount volume=etcd-ssl,target=/etc/ssl/etcd \
--uuid-file-save=/var/lib/coreos/etcd-member-wrapper.uuid"
ExecStart=
ExecStart=/usr/lib/coreos/etcd-wrapper \
--name=${name} \
Expand Down
1 change: 0 additions & 1 deletion modules/openstack/nodes/ignition.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,6 @@ data "ignition_file" "sshd" {

content {
content = <<EOF
UsePrivilegeSeparation sandbox
Subsystem sftp internal-sftp

PermitRootLogin no
Expand Down
4 changes: 2 additions & 2 deletions platforms/openstack/neutron/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ module "bootkube" {

etcd_backup_size = "${var.tectonic_etcd_backup_size}"
etcd_backup_storage_class = "${var.tectonic_etcd_backup_storage_class}"
etcd_endpoints = "${module.dns.etcd_a_nodes}"
etcd_endpoints = "${data.template_file.etcd_hostname_list.*.rendered}"
self_hosted_etcd = "${var.tectonic_self_hosted_etcd}"

master_count = "${var.tectonic_master_count}"
Expand Down Expand Up @@ -198,12 +198,12 @@ module "ignition_masters" {
kubelet_debug_config = "${var.tectonic_kubelet_debug_config}"
kubelet_node_label = "node-role.kubernetes.io/master"
kubelet_node_taints = "node-role.kubernetes.io/master=:NoSchedule"
metadata_provider = "openstack-metadata"
nfs_config_file = "${local._tectonic_nfs_config_file}"
no_proxy = "${var.tectonic_no_proxy}"
ntp_servers = "${var.tectonic_ntp_servers}"
proxy_exclusive_units = "${var.tectonic_proxy_exclusive_units}"
tectonic_vanilla_k8s = "${var.tectonic_vanilla_k8s}"
use_metadata = "false"
}

module "master_nodes" {
Expand Down