github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-01 07:47:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #60808 from jpbetz/etcd-migrate-tls

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 60872, 60808). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Pass in etcd TLS credentials during migrate and rollback

For HA etcd clusters, the `etcd-creds` settings, specifically the `--peer-*` TLS flags that may be included, must be passed in to `start-stop-etcd.sh` in order for the etcd server mode started during migrate and rollback steps to be able to communicate between peers.

The `etcd.manifest` change needs to be backported all the way back to 1.7.

**Release note**:
```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-03-07 00:12:49 -08:00 committed by GitHub
commit 891b471064
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cluster/gce/manifests/etcd.manifest
View File

@ -36,6 +36,9 @@
}, },
{ "name": "INITIAL_CLUSTER", { "name": "INITIAL_CLUSTER",
"value": "{{ etcd_cluster }}" "value": "{{ etcd_cluster }}"
},
{ "name": "ETCD_CREDS",
"value": "{{ etcd_creds }}"
} }
], ],
"livenessProbe": { "livenessProbe": {

7
cluster/images/etcd/start-stop-etcd.sh
View File

@ -16,6 +16,9 @@
# Starts 'etcd' version ${START_VERSION} and writes to it: # Starts 'etcd' version ${START_VERSION} and writes to it:
# 'etcd_version' -> "${START_VERSION}" # 'etcd_version' -> "${START_VERSION}"
# ETCD_CREDS may optionally be set to provide flags for TLS credentials
# such as '--cert-file' and '--peer-cert-file'. For a complete list of
# flags, see https://coreos.com/etcd/docs/latest/op-guide/security.html.
# Successful write confirms that etcd is up and running. # Successful write confirms that etcd is up and running.
# Sets ETCD_PID at the end. # Sets ETCD_PID at the end.
# Returns 0 if etcd was successfully started, non-0 otherwise. # Returns 0 if etcd was successfully started, non-0 otherwise.
@ -23,6 +26,7 @@ start_etcd() {
# Use random ports, so that apiserver cannot connect to etcd. # Use random ports, so that apiserver cannot connect to etcd.
ETCD_PORT=18629 ETCD_PORT=18629
ETCD_PEER_PORT=2380 ETCD_PEER_PORT=2380
ETCD_CREDS="${ETCD_CREDS:-}"
# Avoid collisions between etcd and event-etcd. # Avoid collisions between etcd and event-etcd.
case "${DATA_DIRECTORY}" in case "${DATA_DIRECTORY}" in
*event*) *event*)
@ -46,7 +50,8 @@ start_etcd() {
--listen-client-urls http://127.0.0.1:${ETCD_PORT} \ --listen-client-urls http://127.0.0.1:${ETCD_PORT} \
--advertise-client-urls http://127.0.0.1:${ETCD_PORT} \ --advertise-client-urls http://127.0.0.1:${ETCD_PORT} \
--listen-peer-urls http://127.0.0.1:${ETCD_PEER_PORT} \ --listen-peer-urls http://127.0.0.1:${ETCD_PEER_PORT} \
--initial-advertise-peer-urls http://127.0.0.1:${ETCD_PEER_PORT} & --initial-advertise-peer-urls http://127.0.0.1:${ETCD_PEER_PORT} \
${ETCD_CREDS} &
ETCD_PID=$! ETCD_PID=$!
# Wait until we can write to etcd. # Wait until we can write to etcd.
for i in $(seq 240); do for i in $(seq 240); do