Commit
salt: use all etcd servers as apiserver backends
Define all client URLs as etcd servers for API
server backend, this way, if the local etcd is
down, the API server is still able to answer.
Set the local etcd, if any, as the first member
in the list.

Refs: #2080
alexandre-allard committed Jan 23, 2020
1 parent 45e8ab3 commit bb84b6a
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion salt/metalk8s/kubernetes/apiserver/installed.sls
@@ -21,6 +21,16 @@ Set up default basic auth htpasswd:
- replace: False
{%- set host = grains['metalk8s']['control_plane_ip'] %}
{%- set etcd_servers = [] %}
{#- NOTE: Filter out members with empty name as they are not started yet. #}
{%- for member in pillar.metalk8s.etcd.members | selectattr('name') %}
{%- do etcd_servers.extend(member['client_urls']) %}
{%- endfor %}
{%- set etcd_servers = etcd_servers | sort %}
{%- if 'etcd' in pillar.metalk8s.nodes[grains.id].roles %}
{%- do etcd_servers.insert(0, "https://" ~ host ~ ":2379") %}
{%- endif %}
{%- set etcd_servers = etcd_servers | unique %}
Create kube-apiserver Pod manifest:
metalk8s.static_pod_managed:
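Review bot: Nothing after the final `{%- set etcd_servers = etcd_servers | unique %}` line checks that the list is non-empty. If no entry in `pillar.metalk8s.etcd.members` has a name yet and this node does not carry the `etcd` role, `etcd_servers` stays empty and the manifest renders a bare `--etcd-servers=`. Consider failing the state explicitly in that case. On the `etcd_servers.insert(0, "https://" ~ host ~ ":2379")` line, deduplication through `unique` only works when the member's advertised client URL is string-identical to the constructed one; a member advertising a hostname or a different port would leave the local etcd listed twice, so taking the local entry from that member's own `client_urls` may be safer. A short comment stating why the list is sorted before the local endpoint is inserted would also help the next reader.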
@@ -61,7 +71,7 @@ Create kube-apiserver Pod manifest:
- --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
- --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
- --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
- --etcd-servers=https://{{ grains.metalk8s.control_plane_ip }}:2379
- --etcd-servers={{ etcd_servers | join(",") }}
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
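Review bot: The `--etcd-servers={{ etcd_servers | join(",") }}` line takes its URLs verbatim from pillar, where the removed line hardcoded the `https://` scheme, and nothing visible here rejects an `http://` client URL, which would not fit the `--etcd-cafile`, `--etcd-certfile` and `--etcd-keyfile` flags above it. Suggest asserting that every entry starts with `https://` before joining. It is also worth documenting that the server certificates of the remote etcd members must be valid for the hosts in their `client_urls`, since the API server validates them against `/etc/kubernetes/pki/etcd/ca.crt`, and that the etcd client port on each member must be reachable from every API server node.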