salt: use all etcd servers as apiserver backends

Define all clients URLs as etcd servers for API server backend, this way, if the local etcd is down, the API server is still able to answer. Refs: #2080
scality · Jan 16, 2020 · 3ce865f · 3ce865f
1 parent 74d23dc
commit 3ce865f
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/salt/metalk8s/kubernetes/apiserver/installed.sls b/salt/metalk8s/kubernetes/apiserver/installed.sls
@@ -21,6 +21,16 @@ Set up default basic auth htpasswd:
     - replace: False
 
 {%- set host = grains['metalk8s']['control_plane_ip'] %}
+{%- set etcd_servers = [] %}
+{%- if 'etcd' in pillar.metalk8s.nodes[grains.id].roles %}
+{%-   do etcd_servers.append("https://" ~ host ~ ":2379") %}
+{%- endif %}
+
+{%- for member in pillar.metalk8s.etcd.members | default([]) %}
+{%-   do etcd_servers.append(member['client_urls']) %}
+{%- endfor %}
+
+{%- set etcd_servers = (etcd_servers | sort) | unique %}
 
 Create kube-apiserver Pod manifest:
   metalk8s.static_pod_managed:
@@ -61,7 +71,7 @@ Create kube-apiserver Pod manifest:
           - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
           - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
           - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
-          - --etcd-servers=https://{{ grains.metalk8s.control_plane_ip }}:2379
+          - --etcd-servers={{ etcd_servers | join(",") }}
           - --insecure-port=0
           - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
           - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key