Merge pull request #48958 from wwwtyro/rye/charm-load-balancer-port
Automatic merge from submit-queue (batch tested with PRs 48578, 48895, 48958) use port configuration **What this PR does / why we need it**: Uses the `port` config option in the kubeapi-load-balancer charm. **Release note**: ```release-note Uses the port config option in the kubeapi-load-balancer charm. ```
commit
60c3dd1bf7
@ -29,6 +29,7 @@ from charms.layer import nginx
|
|||||||
from subprocess import Popen
|
from subprocess import Popen
|
||||||
from subprocess import PIPE
|
from subprocess import PIPE
|
||||||
from subprocess import STDOUT
|
from subprocess import STDOUT
|
||||||
|
from subprocess import CalledProcessError
|
||||||
|
|
||||||
|
|
||||||
@when('certificates.available')
|
@when('certificates.available')
|
||||||
@ -49,6 +50,16 @@ def request_server_certificates(tls):
|
|||||||
tls.request_server_cert(common_name, sans, certificate_name)
|
tls.request_server_cert(common_name, sans, certificate_name)
|
||||||
|
|
||||||
|
|
||||||
|
@when('config.changed.port')
|
||||||
|
def close_old_port():
|
||||||
|
config = hookenv.config()
|
||||||
|
old_port = config.previous('port')
|
||||||
|
try:
|
||||||
|
hookenv.close_port(old_port)
|
||||||
|
except CalledProcessError:
|
||||||
|
hookenv.log('Port %d already closed, skipping.' % old_port)
|
||||||
|
|
||||||
|
|
||||||
@when('nginx.available', 'apiserver.available',
|
@when('nginx.available', 'apiserver.available',
|
||||||
'certificates.server.cert.available')
|
'certificates.server.cert.available')
|
||||||
def install_load_balancer(apiserver, tls):
|
def install_load_balancer(apiserver, tls):
|
||||||
@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls):
|
|||||||
if cert_exists and key_exists:
|
if cert_exists and key_exists:
|
||||||
# At this point the cert and key exist, and they are owned by root.
|
# At this point the cert and key exist, and they are owned by root.
|
||||||
chown = ['chown', 'www-data:www-data', server_cert_path]
|
chown = ['chown', 'www-data:www-data', server_cert_path]
|
||||||
|
|
||||||
# Change the owner to www-data so the nginx process can read the cert.
|
# Change the owner to www-data so the nginx process can read the cert.
|
||||||
subprocess.call(chown)
|
subprocess.call(chown)
|
||||||
chown = ['chown', 'www-data:www-data', server_key_path]
|
chown = ['chown', 'www-data:www-data', server_key_path]
|
||||||
|
|
||||||
# Change the owner to www-data so the nginx process can read the key.
|
# Change the owner to www-data so the nginx process can read the key.
|
||||||
subprocess.call(chown)
|
subprocess.call(chown)
|
||||||
|
|
||||||
hookenv.open_port(hookenv.config('port'))
|
port = hookenv.config('port')
|
||||||
|
hookenv.open_port(port)
|
||||||
services = apiserver.services()
|
services = apiserver.services()
|
||||||
nginx.configure_site(
|
nginx.configure_site(
|
||||||
'apilb',
|
'apilb',
|
||||||
'apilb.conf',
|
'apilb.conf',
|
||||||
server_name='_',
|
server_name='_',
|
||||||
services=services,
|
services=services,
|
||||||
port=hookenv.config('port'),
|
port=port,
|
||||||
server_certificate=server_cert_path,
|
server_certificate=server_cert_path,
|
||||||
server_key=server_key_path,
|
server_key=server_key_path,
|
||||||
)
|
)
|
||||||
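Review bot: In the new `close_old_port` handler (the `-49,6 +50,16` hunk), `old_port = config.previous('port')` is passed to `hookenv.close_port` without checking that a previous value exists. If `previous()` returns None, which looks possible the first time the config is seen, the call is likely to fail, and the `except` branch then formats None with `%d`, which raises TypeError and fails the hook. A guard before the `try` avoids both: `if old_port is None:` followed by `return`. The handler also reports every `CalledProcessError` as "already closed", so a real failure would leave the old port exposed while the log says otherwise; logging the exception would make that visible, for example `hookenv.log('close-port failed for %s: %s' % (old_port, e))` with `except CalledProcessError as e:`.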
|
@ -8,7 +8,7 @@ upstream target_service {
|
|||||||
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen {{ port }} ssl http2;
|
||||||
server_name {{ server_name }};
|
server_name {{ server_name }};
|
||||||
|
|
||||||
access_log /var/log/nginx.access.log;
|
access_log /var/log/nginx.access.log;
|
||||||
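Review bot: `listen {{ port }} ssl http2;` renders the charm's `port` value into the directive as-is, and nothing visible in this commit checks that it is an integer between 1 and 65535 before it reaches the template. The charm's config schema may already type `port` as an int, but that file is not shown here. If it does not, a malformed value would only surface when nginx fails to load the rendered site, after `open_port` has already been called. Normalising once in `install_load_balancer`, for example `port = int(hookenv.config('port'))` followed by a range check, would make a bad value fail in the hook before the firewall rule and the template are touched. A short template comment such as `# port comes from the charm's 'port' config option` would also tell readers where the value originates.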
|