Add etcd key and cert environment variables for use with client auth

2026-01-31 17:19:17 -03:30 · 2017-11-07 09:06:16 -05:00
parent ad6fecefa8
commit e45b30d033
13 changed files with 39 additions and 0 deletions
--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -34,6 +34,9 @@
  delegate_to: "{{groups['etcd'][0]}}"
  changed_when: false
  run_once: true
+  environment:
+    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}.pem"
+    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/node-{{ inventory_hostname }}-key.pem"

 - name: Canal | Create canal node manifests
  template:
--- a/roles/network_plugin/canal/templates/cni-canal.conflist.j2
+++ b/roles/network_plugin/canal/templates/cni-canal.conflist.j2
@@ -7,6 +7,9 @@
      "delegate": {
        "type": "calico",
        "etcd_endpoints": "{{ etcd_access_addresses }}",
+        "etcd_key_file": "{{ canal_cert_dir }}/key.pem",
+        "etcd_cert_file": "{{ canal_cert_dir }}/cert.crt",
+        "etcd_ca_cert_file": "{{ canal_cert_dir }}/ca_cert.crt",
        "log_level": "info",
        "policy": {
          "type": "k8s"