diff --git a/cluster/hosts.go b/cluster/hosts.go
index 14ef2583..c1158b54 100644
--- a/cluster/hosts.go
+++ b/cluster/hosts.go
@@ -10,6 +10,7 @@ import (
 "github.com/rancher/rke/pki"
 "github.com/rancher/rke/services"
 "github.com/sirupsen/logrus"
+ "golang.org/x/sync/errgroup"
 )
 
 const (
@@ -96,14 +97,16 @@ func (c *Cluster) InvertIndexHosts() error {
 func (c *Cluster) SetUpHosts(ctx context.Context) error {
 if c.Authentication.Strategy == X509AuthenticationProvider {
 log.Infof(ctx, "[certificates] Deploying kubernetes certificates to Cluster nodes")
- if err := pki.DeployCertificatesOnMasters(ctx, c.ControlPlaneHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil {
- return err
+ hosts := c.getUniqueHostList()
+ var errgrp errgroup.Group
+
+ for _, host := range hosts {
+ runHost := host
+ errgrp.Go(func() error {
+ return pki.DeployCertificatesOnPlaneHost(ctx, runHost, c.EtcdHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap)
+ })
 }
- if err := pki.DeployCertificatesOnWorkers(ctx, c.WorkerHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil {
- return err
- }
- // Deploying etcd certificates
- if err := pki.DeployCertificatesOnEtcd(ctx, c.EtcdHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil {
+ if err := errgrp.Wait(); err != nil {
 return err
 }
diff --git a/pki/deploy.go b/pki/deploy.go
index ab471c4c..f981fc47 100644
--- a/pki/deploy.go
+++ b/pki/deploy.go
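Review bot: The `var errgrp errgroup.Group` in SetUpHosts has no cancellation tie-in, so once one host's deployer fails the goroutines for every other host keep pushing certificates to completion, and `errgrp.Wait()` surfaces only the first error with nothing in it naming the node. I would use `errgrp, ctx := errgroup.WithContext(ctx)` so the first failure cancels the ctx the remaining `DeployCertificatesOnPlaneHost` calls already receive, and wrap the per-host result so the surviving error identifies the host, e.g. `if err := pki.DeployCertificatesOnPlaneHost(ctx, runHost, c.EtcdHosts, c.Certificates, c.SystemImages.CertDownloader, c.PrivateRegistriesMap); err != nil { return fmt.Errorf("deploying certificates to host [%s]: %v", runHost.InternalAddress, err) }` (InternalAddress is the field the pki hunk already reads; use `%w` if the module's Go version allows it). The fan-out is also unbounded — one goroutine and one deployer container per node at once — which is fine for small clusters but worth a bounded worker count (`SetLimit` if the vendored errgroup has it, otherwise a semaphore channel) on large ones. SetUpHosts continues past the end of this hunk.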
@@ -20,76 +20,35 @@ import (
 "k8s.io/client-go/util/cert"
 )
 
-func DeployCertificatesOnMasters(ctx context.Context, cpHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
- // list of certificates that should be deployed on the masters
- crtList := []string{
- CACertName,
- KubeAPICertName,
- KubeControllerCertName,
- KubeSchedulerCertName,
- KubeProxyCertName,
- KubeNodeCertName,
+func DeployCertificatesOnPlaneHost(ctx context.Context, host *hosts.Host, etcdHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
+ certList := []string{}
+ if host.IsControl {
+ certList = []string{
+ CACertName,
+ KubeAPICertName,
+ KubeControllerCertName,
+ KubeSchedulerCertName,
+ KubeProxyCertName,
+ KubeNodeCertName,
+ }
+ } else {
+ certList = []string{
+ CACertName,
+ KubeProxyCertName,
+ KubeNodeCertName,
+ }
+ }
+ if host.IsEtcd {
+ for _, host := range etcdHosts {
+ certList = append(certList, GetEtcdCrtName(host.InternalAddress))
+ }
 }
 env := []string{}
- for _, crtName := range crtList {
+ for _, crtName := range certList {
 c := crtMap[crtName]
 env = append(env, c.ToEnv()...)
 }
-
- for i := range cpHosts {
- err := doRunDeployer(ctx, cpHosts[i], env, certDownloaderImage, prsMap)
- if err != nil {
- return err
- }
- }
- return nil
- }
-
-func DeployCertificatesOnWorkers(ctx context.Context, workerHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
- // list of certificates that should be deployed on the workers
- crtList := []string{
- CACertName,
- KubeProxyCertName,
- KubeNodeCertName,
- }
- env := []string{}
- for _, crtName := range crtList {
- c := crtMap[crtName]
- env = append(env, c.ToEnv()...)
- }
-
- for i := range workerHosts {
- err := doRunDeployer(ctx, workerHosts[i], env, certDownloaderImage, prsMap)
- if err != nil {
- return err
- }
- }
- return nil
- }
-
-func DeployCertificatesOnEtcd(ctx context.Context, etcdHosts []*hosts.Host, crtMap map[string]CertificatePKI, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
- // list of certificates that should be deployed on the etcd
- crtList := []string{
- CACertName,
- KubeProxyCertName,
- KubeNodeCertName,
- }
- for _, host := range etcdHosts {
- crtList = append(crtList, GetEtcdCrtName(host.InternalAddress))
- }
- env := []string{}
- for _, crtName := range crtList {
- c := crtMap[crtName]
- env = append(env, c.ToEnv()...)
- }
-
- for i := range etcdHosts {
- err := doRunDeployer(ctx, etcdHosts[i], env, certDownloaderImage, prsMap)
- if err != nil {
- return err
- }
- }
- return nil
+ return doRunDeployer(ctx, host, env, certDownloaderImage, prsMap)
 }
 
 func doRunDeployer(ctx context.Context, host *hosts.Host, containerEnv []string, certDownloaderImage string, prsMap map[string]v3.PrivateRegistry) error {
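Review bot: In DeployCertificatesOnPlaneHost the lookup `c := crtMap[crtName]` never checks that the certificate exists, so a name missing from crtMap (for example an etcd member whose `GetEtcdCrtName(...)` entry was never generated) yields a zero `CertificatePKI`, and whatever `ToEnv()` produces for it is pushed to the node as if it were real, with the failure only surfacing later on that node; I would make it `c, ok := crtMap[crtName]; if !ok { return fmt.Errorf("certificate [%s] not found in certificate map", crtName) }` before the `append` (adding `fmt` if this file does not already import it). The etcd branch also shadows the `host` parameter with `for _, host := range etcdHosts` — harmless today because only the loop variable is used inside, but renaming it to `etcdHost` keeps the function's own host from being silently masked. Note too that this branch hands every etcd member's entry to each etcd host; whether `ToEnv()` carries the private key as well as the certificate is not visible here, but if it does, each member ends up holding its peers' keys, a property carried over from the removed DeployCertificatesOnEtcd rather than introduced by this commit.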