rancher/rke
1
0
Fork 0
mirror of https://github.com/rancher/rke.git synced 2025-09-05 00:40:10 +00:00
Code Issues Releases Wiki Activity

Deploy backup certificates on full plane instead of single node

Browse Source
This commit is contained in:
moelsayed
2018-04-20 06:08:24 +02:00
committed by Darren Shepherd
parent f1e39f9b10
commit fb1fd833ce
2 changed files with 43 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
cluster/certificates.go
View File

@@ -22,19 +22,23 @@ func SetUpAuthentication(ctx context.Context, kubeCluster, currentCluster *Clust
if currentCluster != nil { if currentCluster != nil {
kubeCluster.Certificates = currentCluster.Certificates kubeCluster.Certificates = currentCluster.Certificates
} else { } else {
var backupHost *hosts.Host var backupPlane string
var backupHosts []*hosts.Host
if len(kubeCluster.Services.Etcd.ExternalURLs) > 0 { if len(kubeCluster.Services.Etcd.ExternalURLs) > 0 {
backupHost = kubeCluster.ControlPlaneHosts[0] backupPlane = ControlPlane
backupHosts = kubeCluster.ControlPlaneHosts
} else { } else {
backupHost = kubeCluster.EtcdHosts[0] backupPlane = EtcdPlane
backupHosts = kubeCluster.EtcdHosts
} }
log.Infof(ctx, "[certificates] Attempting to recover certificates from backup on host [%s]", backupHost.Address) log.Infof(ctx, "[certificates] Attempting to recover certificates from backup on [%s] hosts", backupPlane)
kubeCluster.Certificates, err = pki.FetchCertificatesFromHost(ctx, kubeCluster.EtcdHosts, backupHost, kubeCluster.SystemImages.Alpine, kubeCluster.LocalKubeConfigPath, kubeCluster.PrivateRegistriesMap)
kubeCluster.Certificates, err = fetchBackupCertificates(ctx, backupHosts, kubeCluster)
if err != nil { if err != nil {
return err return err
} }
if kubeCluster.Certificates != nil { if kubeCluster.Certificates != nil {
log.Infof(ctx, "[certificates] Certificate backup found on host [%s]", backupHost.Address) log.Infof(ctx, "[certificates] Certificate backup found on[%s] hosts", backupPlane)
// this is the case of adding controlplane node on empty cluster with only etcd nodes // this is the case of adding controlplane node on empty cluster with only etcd nodes
if kubeCluster.Certificates[pki.KubeAdminCertName].Config == "" && len(kubeCluster.ControlPlaneHosts) > 0 { if kubeCluster.Certificates[pki.KubeAdminCertName].Config == "" && len(kubeCluster.ControlPlaneHosts) > 0 {
if err := rebuildLocalAdminConfig(ctx, kubeCluster); err != nil { if err := rebuildLocalAdminConfig(ctx, kubeCluster); err != nil {
@@ -47,17 +51,18 @@ func SetUpAuthentication(ctx context.Context, kubeCluster, currentCluster *Clust
} }
return nil return nil
} }
log.Infof(ctx, "[certificates] No Certificate backup found on host [%s]", backupHost.Address) log.Infof(ctx, "[certificates] No Certificate backup found on [%s] hosts", backupPlane)
kubeCluster.Certificates, err = pki.GenerateRKECerts(ctx, kubeCluster.RancherKubernetesEngineConfig, kubeCluster.LocalKubeConfigPath, "") kubeCluster.Certificates, err = pki.GenerateRKECerts(ctx, kubeCluster.RancherKubernetesEngineConfig, kubeCluster.LocalKubeConfigPath, "")
if err != nil { if err != nil {
return fmt.Errorf("Failed to generate Kubernetes certificates: %v", err) return fmt.Errorf("Failed to generate Kubernetes certificates: %v", err)
} }
log.Infof(ctx, "[certificates] Temporarily saving certs to control host [%s]", backupHost.Address)
if err := pki.DeployCertificatesOnHost(ctx, backupHost, kubeCluster.Certificates, kubeCluster.SystemImages.CertDownloader, pki.TempCertPath, kubeCluster.PrivateRegistriesMap); err != nil { log.Infof(ctx, "[certificates] Temporarily saving certs to [%s] hosts", backupPlane)
if err := deployBackupCertificates(ctx, backupHosts, kubeCluster); err != nil {
return err return err
} }
log.Infof(ctx, "[certificates] Saved certs to control host [%s]", backupHost.Address) log.Infof(ctx, "[certificates] Saved certs to [%s] hosts", backupPlane)
} }
} }
return nil return nil
@@ -176,3 +181,28 @@ func saveCertToKubernetes(kubeClient *kubernetes.Clientset, crtName string, crt
return fmt.Errorf("[certificates] Timeout waiting for kubernetes to be ready") return fmt.Errorf("[certificates] Timeout waiting for kubernetes to be ready")
} }
} }
func deployBackupCertificates(ctx context.Context, backupHosts []*hosts.Host, kubeCluster *Cluster) error {
var errgrp errgroup.Group
for _, host := range backupHosts {
runHost := host
errgrp.Go(func() error {
return pki.DeployCertificatesOnHost(ctx, runHost, kubeCluster.Certificates, kubeCluster.SystemImages.CertDownloader, pki.TempCertPath, kubeCluster.PrivateRegistriesMap)
})
}
return errgrp.Wait()
}
func fetchBackupCertificates(ctx context.Context, backupHosts []*hosts.Host, kubeCluster *Cluster) (map[string]pki.CertificatePKI, error) {
var err error
certificates := map[string]pki.CertificatePKI{}
for _, host := range backupHosts {
certificates, err = pki.FetchCertificatesFromHost(ctx, kubeCluster.EtcdHosts, host, kubeCluster.SystemImages.Alpine, kubeCluster.LocalKubeConfigPath, kubeCluster.PrivateRegistriesMap)
if certificates != nil {
return certificates, nil
}
}
// reporting the last error only.
return nil, err
}

3
cluster/cluster.go
View File

@@ -61,6 +61,9 @@ const (
CloudProvider = "CloudProvider" CloudProvider = "CloudProvider"
AzureCloudProvider = "azure" AzureCloudProvider = "azure"
AWSCloudProvider = "aws" AWSCloudProvider = "aws"
ControlPlane = "controlPlane"
WorkerPlane = "workerPlan"
EtcdPlane = "etcd"
) )
func (c *Cluster) DeployControlPlane(ctx context.Context) error { func (c *Cluster) DeployControlPlane(ctx context.Context) error {