mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 04:06:03 +00:00
use port configuration
This commit is contained in:
parent
a3ff0eaf69
commit
ece0461cce
@ -29,6 +29,7 @@ from charms.layer import nginx
|
||||
from subprocess import Popen
|
||||
from subprocess import PIPE
|
||||
from subprocess import STDOUT
|
||||
from subprocess import CalledProcessError
|
||||
|
||||
|
||||
@when('certificates.available')
|
||||
@ -49,6 +50,16 @@ def request_server_certificates(tls):
|
||||
tls.request_server_cert(common_name, sans, certificate_name)
|
||||
|
||||
|
||||
@when('config.changed.port')
|
||||
def close_old_port():
|
||||
config = hookenv.config()
|
||||
old_port = config.previous('port')
|
||||
try:
|
||||
hookenv.close_port(old_port)
|
||||
except CalledProcessError:
|
||||
hookenv.log('Port %d already closed, skipping.' % old_port)
|
||||
|
||||
|
||||
@when('nginx.available', 'apiserver.available',
|
||||
'certificates.server.cert.available')
|
||||
def install_load_balancer(apiserver, tls):
|
||||
@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls):
|
||||
if cert_exists and key_exists:
|
||||
# At this point the cert and key exist, and they are owned by root.
|
||||
chown = ['chown', 'www-data:www-data', server_cert_path]
|
||||
|
||||
# Change the owner to www-data so the nginx process can read the cert.
|
||||
subprocess.call(chown)
|
||||
chown = ['chown', 'www-data:www-data', server_key_path]
|
||||
|
||||
# Change the owner to www-data so the nginx process can read the key.
|
||||
subprocess.call(chown)
|
||||
|
||||
hookenv.open_port(hookenv.config('port'))
|
||||
port = hookenv.config('port')
|
||||
hookenv.open_port(port)
|
||||
services = apiserver.services()
|
||||
nginx.configure_site(
|
||||
'apilb',
|
||||
'apilb.conf',
|
||||
server_name='_',
|
||||
services=services,
|
||||
port=hookenv.config('port'),
|
||||
port=port,
|
||||
server_certificate=server_cert_path,
|
||||
server_key=server_key_path,
|
||||
)
|
||||
|
@ -8,7 +8,7 @@ upstream target_service {
|
||||
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen {{ port }} ssl http2;
|
||||
server_name {{ server_name }};
|
||||
|
||||
access_log /var/log/nginx.access.log;
|
||||
|
Loading…
Reference in New Issue
Block a user