Enable kubeadm etcd mode (#4818)

* Enable kubeadm etcd mode Uses cert commands from kubeadm experimental control plane to enable non-master nodes to obtain etcd certs. Related story: PROD-29434 Change-Id: Idafa1d223e5c6ceadf819b6f9c06adf4c4f74178 * Add validation checks and exclude calico kdd mode Change-Id: Ic234f5e71261d33191376e70d438f9f6d35f358c * Move etcd mode test to ubuntu flannel HA job Change-Id: I9af6fd80a1bbb1692ab10d6da095eb368f6bc732 * rename etcd_mode to etcd_kubeadm_enabled Change-Id: Ib196d6c8a52f48cae370b026f7687ff9ca69c172
2026-05-12 03:47:38 -02:30 · 2019-06-20 11:12:51 -07:00
parent e2f9adc2ff
commit 4348e78b24
18 changed files with 263 additions and 7 deletions
--- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
+++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
@@ -212,3 +212,15 @@
    msg: "resolvconf_mode can only be 'docker_dns', 'host_resolvconf' or 'none'"
  when: resolvconf_mode is defined
  run_once: true
+
+- name: Stop if k8s version is too low for kubeadm etcd mode
+  assert:
+    that: kube_version is version('v1.14.0', '>=')
+    msg: "kubeadm etcd mode requires k8s version >= v1.14.0"
+  when: etcd_kubeadm_enabled
+
+- name: Stop if kubeadm etcd mode is enabled but experimental control plane is not
+  assert:
+    that: kubeadm_control_plane
+    msg: "kubeadm etcd mode requires experimental control plane"
+  when: etcd_kubeadm_enabled
--- a/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
+++ b/roles/kubernetes/preinstall/tasks/0040-set_facts.yml
@@ -168,3 +168,13 @@
  tags:
    - facts
    - kube-proxy
+
+- name: set etcd vars if using kubeadm mode
+  set_fact:
+    etcd_cert_dir: "{{ kube_cert_dir }}"
+    kube_etcd_cacert_file: "etcd/ca.crt"
+    kube_etcd_cert_file: "apiserver-etcd-client.crt"
+    kube_etcd_key_file: "apiserver-etcd-client.key"
+    etcd_deployment_type: host
+  when:
+    - etcd_kubeadm_enabled