Merge pull request #1585 from mattymo/canal_upgrade

Fix upgrade for canal and apiserver cert
This commit is contained in:
Brad Beam 2017-08-29 18:45:21 -05:00 committed by GitHub
commit 72a0d78b3c
3 changed files with 11 additions and 15 deletions

View file

@ -8,18 +8,6 @@
resource: "configmap"
namespace: "{{system_namespace}}"
# FIXME: remove if kubernetes/features#124 is implemented
- name: Purge old flannel and canal-node
run_once: true
kube:
name: "canal-node"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/canal-node.yaml"
resource: "ds"
namespace: "{{system_namespace}}"
state: absent
when: inventory_hostname == groups['kube-master'][0] and canal_node_manifest.changed
- name: Start flannel and calico-node
run_once: true
kube:

View file

@ -82,10 +82,13 @@ gen_key_and_cert() {
# Admins
if [ -n "$MASTERS" ]; then
# If any host requires new certs, just regenerate all master certs
# kube-apiserver
# Generate only if we don't have existing ca and apiserver certs
if ! [ -e "$SSLDIR/ca-key.pem" ] || ! [ -e "$SSLDIR/apiserver-key.pem" ]; then
gen_key_and_cert "apiserver" "/CN=kube-apiserver"
cat ca.pem >> apiserver.pem
fi
# If any host requires new certs, just regenerate scheduler and controller-manager master certs
# kube-scheduler
gen_key_and_cert "kube-scheduler" "/CN=system:kube-scheduler"
# kube-controller-manager

View file

@ -3,6 +3,7 @@ kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
name: canal-node
namespace: {{ system_namespace }}
labels:
k8s-app: canal-node
spec:
@ -180,3 +181,7 @@ spec:
- name: "canal-certs"
mountPath: "{{ canal_cert_dir }}"
readOnly: true
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate