Easily manage etcd cluster with env vars #58
Current coverage is 54.72% (diff: 100%)
@@ master #58 diff @@
==========================================
Files 4 4
Lines 1038 1038
Methods 0 0
Messages 0 0
Branches 0 0
==========================================
Hits 568 568
Misses 388 388
Partials 82 82
ETCDCTL_CA_FILE=/etc/etcd2/ssl/ca.pem | ||
ETCDCTL_CERT_FILE=/etc/etcd2/ssl/etcd-client.pem | ||
ETCDCTL_KEY_FILE=/etc/etcd2/ssl/etcd-client-key.pem | ||
ETCDCTL_ENDPOINT= |
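Review bot: The last line writes ETCDCTL_ENDPOINT with an empty value and nothing next to it says why, so a reader of this file cannot tell a placeholder from an oversight. Add a short comment, or a sentence in the commit message, stating where and when the real value is filled in. The three lines above it point etcdctl at a client key under /etc/etcd2/ssl/; since anyone who can read etcd-client-key.pem can authenticate as this client, state the intended owner and mode of that file alongside this change.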
I'm just curious but may I ask why you've explicitly emptied ETCD_ENDPOINT here?
Just to note that we have to explicitly set it when running etcdctl?
I realized that this line is the "marker" for https://github.com/coreos/kube-aws/pull/58/files#diff-c88cb625705bf9711a2f576a1975cb72R34.
Doing this makes it possible to:
- Mention that we have to provide an actual value when running etcdctl
- Ensure two things:
  - Appropriate ETCDCTL_ENDPOINT value is always configured on starting/restarting etcd2.service, automatically.
  - Restarting etcd2.service doesn't break /etc/environment, as we can see in https://github.com/coreos/kube-aws/pull/58/files#diff-c88cb625705bf9711a2f576a1975cb72R34
    - For example, echo ETCDCTL_ENDPOINT="https://$(hostname):2379/" >> /etc/environment would break, or needlessly bloat the environment file at least, when etcd2.service got restarted.
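The marker-line idea from the reply above, as an added example that is not code from this PR: it rewrites the existing ETCDCTL_ENDPOINT= line on every restart instead of appending, and compares that with the append variant the reply warns about. The helper names, the awk-based rewrite and the hostname node.example.internal are assumptions; the PR's own implementation is at the linked diff.

```shell
#!/bin/sh
# Added example, not code from the PR. Helper names and sample values are assumptions.

# set_env_var FILE NAME VALUE
# Rewrites the "NAME=" marker line in place. Duplicate NAME= lines left behind
# by earlier appends are collapsed to one; the line is added if it is missing.
set_env_var() {
    file=$1; name=$2; value=$3
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v n="$name" -v v="$value" '
        index($0, n "=") == 1 { if (!seen) print n "=" v; seen = 1; next }
        { print }
        END { if (!seen) print n "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back through the original inode so mode and owner are unchanged.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Naive variant from the discussion: every restart appends another line.
append_env_var() {
    printf '%s=%s\n' "$2" "$3" >> "$1"
}

# count_after_restarts HELPER: simulate three etcd2.service restarts against a
# constructed environment file and print how many ETCDCTL_ENDPOINT lines remain.
count_after_restarts() {
    env_file=$(mktemp) || return 1
    printf '%s\n' 'ETCDCTL_CA_FILE=/etc/etcd2/ssl/ca.pem' 'ETCDCTL_ENDPOINT=' > "$env_file"
    for i in 1 2 3; do
        "$1" "$env_file" ETCDCTL_ENDPOINT 'https://node.example.internal:2379/'
    done
    grep -c '^ETCDCTL_ENDPOINT=' "$env_file"
    rm -f "$env_file"
}

echo "append:  $(count_after_restarts append_env_var) lines"
echo "rewrite: $(count_after_restarts set_env_var) lines"
```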
- path: /etc/etcd2/ssl/etcd-client-key.pem.enc | ||
encoding: gzip+base64 | ||
content: {{.TLSConfig.EtcdClientKey}} |
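Review bot: This entry for /etc/etcd2/ssl/etcd-client-key.pem.enc shows only path, encoding and content in the visible lines, with no permissions or owner field, so the key material lands with whatever mode is the default. Set a restrictive mode explicitly on the entry (for example permissions: 0600) and make sure the step that produces the decrypted etcd-client-key.pem applies the same restriction to its output, since that is the file ETCDCTL_KEY_FILE points at.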
Note to self:
- This would make user-data much bigger than before... Oh, we now have the --s3-uri option to work around that. No problem 😃
- This does add additional credentials we didn't have in etcd nodes before. Any security concerns for saving more credentials in etcd nodes? No.
@gianrubio I'm impressed with your work 👍
Thanks for the contribution! Merging.
…-v0.10.1-release to hcom-flavour * commit '910b3d7e27a9cebef937a8b83b02efa6632bb7a4': (21 commits) Clean up removal of service-account-signing key Removal of service-signing-key loading needs bind to all interfaces Merge Kiich dashboard resource limits setting from upstream Merge in enabling aggregator + certs 0.10.x Add kubernetes manifests from customfiles (kubernetes-retired#1400) Remove dependency on alpine:lastest docker image - use already present hyperkube image instead. 0.10.x Extend CustomFiles to be able to render go templates (kubernetes-retired#1398) 0.10.x migration preparation release (kubernetes-retired#1379) Remove etcd ENI/EIP outputs from the control plane stack and etcd-environment metadata section on the nodepools if Kubernetes.Networking.SelfHosting is Enabled. This is to break the dependency that exists on the nodestacks on the etcd resources in the controlplane stack. Fix worker kubelet.service not to fail on the first run Fix controller kubelet.service not to fail on the first run Fix etcd breakage due to strange systemd behavior autoscaler: update cloud-config-controller (kubernetes-retired#1268) remove potential circular dependency Actually depend on var-lib-etcd2.mount service to be active Disable coreOS auto-updates removed unused s3 flags from commands update kubernetes-dashboard to 1.8.3 Latest versions of Calico node/typha Removes work-around for Typha issue https://github.com/projectcalico/typha/issues/118 Fix typo of Getting Started. ...
Exporting etcdctl environment variables allows cluster managers to run etcdctl commands without providing arguments.
Currently, when you log in to the etcd cluster, you can't run etcdctl commands unless you provide all the args.
After this PR it will be easy to run etcdctl commands.
Also, this is important for #49 and for signaling CloudFormation when the etcd cluster is healthy.