From 2afc76fadd512ef372e87d9eedbcb26e97a0aea0 Mon Sep 17 00:00:00 2001 From: Mike Wilson Date: Tue, 23 Jan 2018 11:17:05 -0500 Subject: [PATCH] Adding network spaces support for kubernetes-master. --- .../reactive/kubernetes_master.py | 26 ++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py index 3d5ab28b210..e02a30025f9 100644 --- a/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py +++ b/cluster/juju/layers/kubernetes-master/reactive/kubernetes_master.py @@ -556,8 +556,23 @@ def push_service_data(kube_api): kube_api.configure(port=6443) -@when('certificates.available') -def send_data(tls): +def get_ingress_address(relation): + try: + network_info = hookenv.network_get(relation.relation_name) + except NotImplementedError: + network_info = [] + + if network_info and 'ingress-addresses' in network_info: + # just grab the first one for now, maybe be more robust here? + return network_info['ingress-addresses'][0] + else: + # if they don't have ingress-addresses they are running a juju that + # doesn't support spaces, so just return the private address + return hookenv.unit_get('private-address') + + +@when('certificates.available', 'kube-api-endpoint.available') +def send_data(tls, kube_api_endpoint): '''Send the data that is required to create a server certificate for this server.''' # Use the public ip of this unit as the Common Name for the certificate. @@ -566,11 +581,14 @@ def send_data(tls): # Get the SDN gateway based on the cidr address. kubernetes_service_ip = get_kubernetes_service_ip() + # Get ingress address + ingress_ip = get_ingress_address(kube_api_endpoint) + domain = hookenv.config('dns_domain') # Create SANs that the tls layer will add to the server cert. sans = [ hookenv.unit_public_ip(), - hookenv.unit_private_ip(), + ingress_ip, socket.gethostname(), kubernetes_service_ip, 'kubernetes', @@ -1100,6 +1118,8 @@ def configure_apiserver(etcd_connection_string, leader_etcd_version): api_opts['basic-auth-file'] = '/root/cdk/basic_auth.csv' api_opts['token-auth-file'] = '/root/cdk/known_tokens.csv' api_opts['service-account-key-file'] = '/root/cdk/serviceaccount.key' + api_opts['kubelet-preferred-address-types'] = \ + '[InternalIP,Hostname,InternalDNS,ExternalDNS,ExternalIP]' etcd_dir = '/root/cdk/etcd' etcd_ca = os.path.join(etcd_dir, 'client-ca.pem')