X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=ansible%2Froles%2Fkube_master%2Fdefaults%2Fmain.yaml;h=38e3f47ee27cca40d5824766a9042ca63fbafd2f;hb=b71b415e681f1418557ed00ae47d080f8320e15c;hp=9e22c4d8bacf4541f4f63fe8ef9ea5490d455343;hpb=0141a51caf9c391aa8492a5d5ef4ba34e60d570b;p=ta%2Fcaas-kubernetes.git

diff --git a/ansible/roles/kube_master/defaults/main.yaml b/ansible/roles/kube_master/defaults/main.yaml
index 9e22c4d..38e3f47 100644
--- a/ansible/roles/kube_master/defaults/main.yaml
+++ b/ansible/roles/kube_master/defaults/main.yaml
@@ -47,7 +47,10 @@ apiserver_params:
   - "--bind-address={{ apiserver }}"
   - "--client-ca-file=/etc/openssl/ca.pem"
   - "--enable-bootstrap-token-auth=true"
-  - "--etcd-servers=http://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},http://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_proxy_port }}{% endfor %}"
+  - "--etcd-cafile=/etc/etcd/ssl/ca.pem"
+  - "--etcd-certfile=/etc/etcd/ssl/etcd{{ nodeindex }}.pem"
+  - "--etcd-keyfile=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem"
+  - "--etcd-servers=https://{{ hostvars[hostname]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% for host in ( groups['caas_master'] | reject('search', hostname) ) %},https://{{ hostvars[host]['networking']['infra_internal']['ip'] }}:{{ caas.etcd_api_port }}{% endfor %}"
   - "--experimental-encryption-provider-config={{ caas.cert_path }}/{{ caas._secrets_conf }}"
   - "--feature-gates={{ apiserver_feature_gates | get_kube_options }}"
   - "--insecure-port=0"