C12s/c12s-kubespray

Fork 0

Commit graph

Author	SHA1	Message	Date
Bogdan Dobrelya	d08d2fd808	Fix separate etcd nodes and calico Admin certs are only available for kube-master nodes. When etcd nodes are separate, calico fails to access them with missing admin certs and etcd fails to configure ETCD_PEER_* env vars due to missing member certs. Fix this by switching curls to the first etcd node and delegate to the first master. This assumes only admin certs allow to get calico keys from etcd but not member/node certs. Also move member certs from master_certs to node_certs list as ETCD(_PEER)_CERT/KEY env vars expects. Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>	2016-11-25 17:24:16 +01:00
Matthew Mosesohn	46ee9faca9	Fix ca certificate loading on CoreOS	2016-11-14 08:47:09 +04:00
Matthew Mosesohn	a32cd85eb7	Add etcd TLS support	2016-11-09 18:38:28 +03:00

Author

SHA1

Message

Date

Bogdan Dobrelya

d08d2fd808

Fix separate etcd nodes and calico

Admin certs are only available for kube-master nodes.
When etcd nodes are separate, calico fails to access them with
missing admin certs and etcd fails to configure ETCD_PEER_* env
vars due to missing member certs.

Fix this by switching curls to the first etcd node
and delegate to the first master. This assumes only admin certs
allow to get calico keys from etcd but not member/node certs.
Also move member certs from master_certs to node_certs list as
ETCD(_PEER)_CERT/KEY env vars expects.

Signed-off-by: Bogdan Dobrelya <bdobrelia@mirantis.com>

2016-11-25 17:24:16 +01:00

Matthew Mosesohn

46ee9faca9

Fix ca certificate loading on CoreOS

2016-11-14 08:47:09 +04:00

Matthew Mosesohn

a32cd85eb7

Add etcd TLS support

2016-11-09 18:38:28 +03:00

3 commits