From 3ce865f0c821ac4dedb58f1a92330656429dd13c Mon Sep 17 00:00:00 2001
From: Alexandre Allard
Date: Fri, 10 Jan 2020 10:34:56 +0100
Subject: [PATCH] salt: use all etcd servers as apiserver backends

Define all clients URLs as etcd servers for API server backend, this way, if the local etcd is down, the API server is still able to answer.

Refs: #2080
---
 salt/metalk8s/kubernetes/apiserver/installed.sls | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/salt/metalk8s/kubernetes/apiserver/installed.sls b/salt/metalk8s/kubernetes/apiserver/installed.sls
index 3e869d8f66..89ce9fe1fc 100644
--- a/salt/metalk8s/kubernetes/apiserver/installed.sls
+++ b/salt/metalk8s/kubernetes/apiserver/installed.sls
@@ -21,6 +21,16 @@ Set up default basic auth htpasswd:
 - replace: False
 {%- set host = grains['metalk8s']['control_plane_ip'] %}
+{%- set etcd_servers = [] %}
+{%- if 'etcd' in pillar.metalk8s.nodes[grains.id].roles %}
+{%- do etcd_servers.append("https://" ~ host ~ ":2379") %}
+{%- endif %}
+
+{%- for member in pillar.metalk8s.etcd.members | default([]) %}
+{%- do etcd_servers.append(member['client_urls']) %}
+{%- endfor %}
+
+{%- set etcd_servers = (etcd_servers | sort) | unique %}
 Create kube-apiserver Pod manifest:
 metalk8s.static_pod_managed:
@@ -61,7 +71,7 @@ Create kube-apiserver Pod manifest:
 - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
 - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
 - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- - --etcd-servers=https://{{ grains.metalk8s.control_plane_ip }}:2379
+ - --etcd-servers={{ etcd_servers | join(",") }}
 - --insecure-port=0
 - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
 - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
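Review bot: In the `for member in ...` loop, `etcd_servers.append(member['client_urls'])` adds the whole value as a single element. If each member's `client_urls` is a list (the plural key suggests so, but the pillar schema is not visible here), `etcd_servers` ends up holding lists next to the local URL string, and `sort`/`unique` plus the later `join(",")` would not yield a flat comma-separated endpoint list. Consider `{%- do etcd_servers.extend(member['client_urls']) %}`. The URLs are also taken verbatim from member data, so a member advertising an `http://` client URL would presumably be passed to the API server as a plaintext backend; keeping only entries that start with `https://` would make sure the etcd CA and client-certificate flags apply to every endpoint.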
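Review bot: `--etcd-servers={{ etcd_servers | join(",") }}` renders an empty value when the node lacks the `etcd` role and `pillar.metalk8s.etcd.members` is missing or empty, which the `default([])` in the first hunk allows; the replaced line always named the local endpoint. An API server given no etcd backend will most likely fail at startup, and the cause would be hard to trace back to pillar data. I would check `etcd_servers` before this state and fail the render with an explicit message when the list is empty. The state body continues outside the hunk.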