github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

use port configuration

Browse Source
This commit is contained in:
Rye Terrell 2017-07-14 13:23:22 -05:00
parent a3ff0eaf69
commit ece0461cce
2 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cluster/juju/layers/kubeapi-load-balancer/reactive/load_balancer.py
View File

@ -29,6 +29,7 @@ from charms.layer import nginx
from subprocess import Popen from subprocess import Popen
from subprocess import PIPE from subprocess import PIPE
from subprocess import STDOUT from subprocess import STDOUT
from subprocess import CalledProcessError
@when('certificates.available') @when('certificates.available')
@ -49,6 +50,16 @@ def request_server_certificates(tls):
tls.request_server_cert(common_name, sans, certificate_name) tls.request_server_cert(common_name, sans, certificate_name)
@when('config.changed.port')
def close_old_port():
config = hookenv.config()
old_port = config.previous('port')
try:
hookenv.close_port(old_port)
except CalledProcessError:
hookenv.log('Port %d already closed, skipping.' % old_port)
@when('nginx.available', 'apiserver.available', @when('nginx.available', 'apiserver.available',
'certificates.server.cert.available') 'certificates.server.cert.available')
def install_load_balancer(apiserver, tls): def install_load_balancer(apiserver, tls):
@ -63,20 +74,23 @@ def install_load_balancer(apiserver, tls):
if cert_exists and key_exists: if cert_exists and key_exists:
# At this point the cert and key exist, and they are owned by root. # At this point the cert and key exist, and they are owned by root.
chown = ['chown', 'www-data:www-data', server_cert_path] chown = ['chown', 'www-data:www-data', server_cert_path]
# Change the owner to www-data so the nginx process can read the cert. # Change the owner to www-data so the nginx process can read the cert.
subprocess.call(chown) subprocess.call(chown)
chown = ['chown', 'www-data:www-data', server_key_path] chown = ['chown', 'www-data:www-data', server_key_path]
# Change the owner to www-data so the nginx process can read the key. # Change the owner to www-data so the nginx process can read the key.
subprocess.call(chown) subprocess.call(chown)
hookenv.open_port(hookenv.config('port')) port = hookenv.config('port')
hookenv.open_port(port)
services = apiserver.services() services = apiserver.services()
nginx.configure_site( nginx.configure_site(
'apilb', 'apilb',
'apilb.conf', 'apilb.conf',
server_name='_', server_name='_',
services=services, services=services,
port=hookenv.config('port'), port=port,
server_certificate=server_cert_path, server_certificate=server_cert_path,
server_key=server_key_path, server_key=server_key_path,
) )

2
cluster/juju/layers/kubeapi-load-balancer/templates/apilb.conf
View File

@ -8,7 +8,7 @@ upstream target_service {
server { server {
listen 443 ssl http2; listen {{ port }} ssl http2;
server_name {{ server_name }}; server_name {{ server_name }};
access_log /var/log/nginx.access.log; access_log /var/log/nginx.access.log;