etcd: enable v2 api only if needed (#8001)

* etcd: enable v2 api only if needed

Only enable v2 API if we have a consumer (flannel)
This reduce the exposed surface for etcd.

* Fix bad group name
This commit is contained in:
Max Gautier 2021-09-22 21:36:32 +02:00 committed by GitHub
parent c8d7f000c9
commit c0e1211abe
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -32,8 +32,9 @@ ETCD_MAX_SNAPSHOTS={{ etcd_max_snapshots }}
{% if etcd_max_wals is defined %}
ETCD_MAX_WALS={{ etcd_max_wals }}
{% endif %}
# Flannel need etcd v2 API
{% if hostvars[groups['k8s_cluster'][0]]['kube_network_plugin'] == 'flannel' %}
ETCD_ENABLE_V2=true
{% endif %}
# TLS settings
ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem