From 92925d932577f53cc2664dc39a32018ac360c3f8 Mon Sep 17 00:00:00 2001 From: Balazs Szekeres Date: Tue, 16 Jul 2019 15:30:51 +0200 Subject: [PATCH] Etcd proxy added to caas-etcd Etcd proxy added to caas-etcd Change-Id: I72fcf41c8e015653420aba2410e7c62ef3f37a94 Signed-off-by: Balazs Szekeres --- ansible/roles/etcd/meta/main.yml | 2 +- ansible/roles/etcd/tasks/add_member.yml | 2 +- ansible/roles/etcd/tasks/main.yml | 2 +- ansible/roles/etcd/templates/caas-master-nodes.j2 | 4 ++++ ansible/roles/etcd/templates/etcd.yml | 29 +++++++++++++++++++++++ caas-etcd.spec | 2 +- 6 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 ansible/roles/etcd/templates/caas-master-nodes.j2 diff --git a/ansible/roles/etcd/meta/main.yml b/ansible/roles/etcd/meta/main.yml index 29e959d..3c55c93 100644 --- a/ansible/roles/etcd/meta/main.yml +++ b/ansible/roles/etcd/meta/main.yml @@ -51,7 +51,7 @@ dependencies: cert_path: /etc/etcd/ssl alt_names: ip: - - "{{ ansible_host }}" + "{{ lookup('template', 'caas-master-nodes.j2') | from_yaml }}" add_users: - caas_etcd - kube # needed for apiserver diff --git a/ansible/roles/etcd/tasks/add_member.yml b/ansible/roles/etcd/tasks/add_member.yml index ac3afc3..f33c541 100644 --- a/ansible/roles/etcd/tasks/add_member.yml +++ b/ansible/roles/etcd/tasks/add_member.yml @@ -34,7 +34,7 @@ become_user: "root" - name: etcd docker id - shell: "docker ps | grep etcd | grep -v pause | awk -F' ' '{ print $1 }'" + shell: "docker ps --no-trunc | grep etcd | grep -v pause | grep -v grpc-proxy | awk -F' ' '{ print $1 }'" environment: DOCKER_HOST: "tcp://{{ networking.infra_internal.ip }}:2375" DOCKER_TLS_VERIFY: "1" diff --git a/ansible/roles/etcd/tasks/main.yml b/ansible/roles/etcd/tasks/main.yml index 4bc8960..3c0636f 100644 --- a/ansible/roles/etcd/tasks/main.yml +++ b/ansible/roles/etcd/tasks/main.yml 
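Review bot: The new `ip:` value in ansible/roles/etcd/meta/main.yml puts the infra_internal address of every caas_master node into each node's certificate, so a compromised key from one master is valid for any master's address. It also no longer lists `ansible_host`, although templates/etcd.yml still uses that for the proxy's listen and advertise address. If each server only has to present its own address, `- "{{ networking.infra_internal.ip }}"` keeps the SAN list minimal; if all masters are really required, a comment above the line saying why would make that visible to the next reviewer. Should the full list stay, `"{{ groups['caas_master'] | map('extract', hostvars, ['networking', 'infra_internal', 'ip']) | list }}"` builds it without rendering a template to text and parsing it back with `from_yaml`. The consumer of `alt_names` is outside this hunk, so how the list is validated cannot be checked from here.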
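Review bot: The container lookup in tasks/add_member.yml, and the identical line in tasks/main.yml, now separates etcd from its proxy only by the substring `grpc-proxy` in the `docker ps --no-trunc` command column, which silently couples these tasks to the `args:` of the proxy container in templates/etcd.yml. Any other container whose row contains `etcd` still matches, and the pipeline can yield zero or several IDs without failing. Assuming the containers are started by the kubelet (the `grep -v pause` suggests so), selecting by its label is tighter: `shell: "docker ps -q --no-trunc --filter label=io.kubernetes.container.name=<etcd-container-name>"`, with the placeholder replaced by the real container name, which this hunk does not show. The tasks that consume the registered ID are outside the hunk, so an explicit check that exactly one line came back belongs next to them.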
@@ -50,7 +50,7 @@ when: ( nodename | search("caas_master1") ) and ( groups['caas_master']|length|int > 1 ) - name: etcd docker id - shell: "docker ps | grep etcd | grep -v pause | awk -F' ' '{ print $1 }'" + shell: "docker ps --no-trunc | grep etcd | grep -v pause | grep -v grpc-proxy | awk -F' ' '{ print $1 }'" environment: DOCKER_HOST: "tcp://{{ networking.infra_internal.ip }}:2375" DOCKER_TLS_VERIFY: "1" diff --git a/ansible/roles/etcd/templates/caas-master-nodes.j2 b/ansible/roles/etcd/templates/caas-master-nodes.j2 new file mode 100644 index 0000000..a70e849 --- /dev/null +++ b/ansible/roles/etcd/templates/caas-master-nodes.j2 @@ -0,0 +1,4 @@ +{% for host in groups['caas_master']%} +- "{{ hostvars[host]['networking']['infra_internal']['ip'] }}" +{% endfor %} + diff --git a/ansible/roles/etcd/templates/etcd.yml b/ansible/roles/etcd/templates/etcd.yml index c54017f..3be70a8 100644 --- a/ansible/roles/etcd/templates/etcd.yml +++ b/ansible/roles/etcd/templates/etcd.yml 
@@ -89,6 +89,35 @@ spec: - name: secret mountPath: /etc/etcd/ssl readOnly: true + - name: kube-etcd-proxy + image: {{ container_image_names | select('search', '/etcd') | list | last }} +{% set etcdproxys = [] -%} +{%- for nodenumber in range(groups['caas_master']|length|int) -%} +{%- if etcdproxys.append('https://' + (hostvars[groups.caas_master[nodenumber]]['networking']['infra_internal']['ip']|string) + ':' + (caas.etcd_api_port|string) ) -%}{%- endif -%} +{%- endfor %} + command: + - /usr/bin/etcd + args: + - grpc-proxy + - start + - --endpoints={{ etcdproxys|join(',')}} + - --listen-addr={{ ansible_host }}:{{ caas.etcd_proxy_port }} + - --advertise-client-url={{ ansible_host }}:{{ caas.etcd_proxy_port }} + - --resolver-prefix='___grpc_proxy_endpoint' + - --resolver-ttl=60 + - --cert=/etc/etcd/ssl/etcd{{ nodeindex }}.pem + - --key=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem + - --cacert=/etc/etcd/ssl/ca.pem + resources: + requests: + cpu: "10m" + volumeMounts: + - name: time-mount + mountPath: /etc/localtime + readOnly: true + - name: secret + mountPath: /etc/etcd/ssl + readOnly: true volumes: - name: time-mount hostPath: diff --git a/caas-etcd.spec b/caas-etcd.spec index cdffd04..0a80f02 100644 --- a/caas-etcd.spec +++ b/caas-etcd.spec @@ -15,7 +15,7 @@ %define COMPONENT etcd %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 3.3.13 -%define RPM_MINOR_VERSION 3 +%define RPM_MINOR_VERSION 4 %define IMAGE_TAG %{RPM_MAJOR_VERSION}-%{RPM_MINOR_VERSION} %define docker_build_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-build %define docker_save_dir %{_builddir}/%{RPM_NAME}-%{RPM_MAJOR_VERSION}/docker-save -- 2.16.6
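Review bot: The `kube-etcd-proxy` container in templates/etcd.yml gets only `--cert`, `--key` and `--cacert`, which in etcd's grpc-proxy configure the connection from the proxy to the etcd members; nothing in the args enables TLS or client-certificate checks on the `--listen-addr` side. As written, anything that can reach `{{ ansible_host }}:{{ caas.etcd_proxy_port }}` appears to talk to etcd in plaintext with the node certificate's privileges, which sidesteps the mutual TLS the members seem to require. The listener can be protected with `- --cert-file=/etc/etcd/ssl/etcd{{ nodeindex }}.pem`, `- --key-file=/etc/etcd/ssl/etcd{{ nodeindex }}-key.pem` and `- --trusted-ca-file=/etc/etcd/ssl/ca.pem`, provided the bundled etcd version supports these flags and the proxy's clients present certificates. Separately, the single quotes in `--resolver-prefix='___grpc_proxy_endpoint'` are not stripped by any shell here and become part of the prefix.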