Add etcd key and cert environment variables for use with client auth

2026-02-01 09:38:12 -03:30 · 2017-11-07 09:06:16 -05:00
parent ad6fecefa8
commit e45b30d033
13 changed files with 39 additions and 0 deletions
--- a/roles/network_plugin/calico/rr/tasks/main.yml
+++ b/roles/network_plugin/calico/rr/tasks/main.yml
@@ -57,6 +57,9 @@
  retries: 4
  delay: "{{ retry_stagger | random + 3 }}"
  delegate_to: "{{groups['etcd'][0]}}"
+  environment:
+    ETCDCTL_CERT: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"

 - meta: flush_handlers

--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -83,6 +83,8 @@
  uri:
    url: https://localhost:2379/health
    validate_certs: no
+    client_cert: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+    client_key: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"
  register: result
  until: result.status == 200 or result.status == 401
  retries: 10
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -34,6 +34,9 @@
  delegate_to: "{{groups['etcd'][0]}}"
  changed_when: false
  run_once: true
+  environment:
+    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"

 - name: Canal | Create canal node manifests
  template:
--- a/roles/network_plugin/canal/templates/cni-canal.conflist.j2
+++ b/roles/network_plugin/canal/templates/cni-canal.conflist.j2
@@ -7,6 +7,9 @@
      "delegate": {
        "type": "calico",
        "etcd_endpoints": "{{ etcd_access_addresses }}",
+        "etcd_key_file": "{{ canal_cert_dir }}/key.pem",
+        "etcd_cert_file": "{{ canal_cert_dir }}/cert.crt",
+        "etcd_ca_cert_file": "{{ canal_cert_dir }}/ca_cert.crt",
        "log_level": "info",
        "policy": {
          "type": "k8s"