From 251800eb16777cf5c6b2edcf7362330352bb5a39 Mon Sep 17 00:00:00 2001
From: Aleksandr Didenko <adidenko@mirantis.com>
Date: Thu, 10 Nov 2016 13:13:03 +0100
Subject: [PATCH] Fix policy controller

'etcd_cert_dir' variable is missing from 'kubernetes-apps/ansible'
role which breaks Calico policy controller deployment.

Also fixing calico-policy-controller.yml.
---
 roles/kubernetes-apps/ansible/defaults/main.yml |  5 ++++-
 .../templates/calico-policy-controller.yml.j2   | 17 ++++++++---------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index b1086aa0d..d39d146fd 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -9,4 +9,7 @@ kubedns_image_tag: "{{ kubedns_version }}"
 kubednsmasq_image_repo: "gcr.io/google_containers/kube-dnsmasq-amd64"
 kubednsmasq_image_tag: "{{ kubednsmasq_version }}"
 exechealthz_image_repo: "gcr.io/google_containers/exechealthz-amd64"
-exechealthz_image_tag: "{{ exechealthz_version }}"
\ No newline at end of file
+exechealthz_image_tag: "{{ exechealthz_version }}"
+
+# SSL
+etcd_cert_dir: "/etc/ssl/etcd/ssl"
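Review bot: The new `etcd_cert_dir` default looks like a second copy of a value that another role already defines (the commit message says it was only missing from this role), and the `# SSL` comment does not say that the two must agree. If the copies drift, the policy controller template would hostPath-mount a directory that does not hold the etcd certificates. I would replace the comment with something like `# etcd client cert directory on the host; must match the path used by the role that generates the etcd certs (mounted into calico-policy-controller via hostPath)`.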
diff --git a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
index 5e0586e16..698710b95 100644
--- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
@@ -44,12 +44,11 @@ spec:
             # This removes the need for KubeDNS to resolve the Service.
             - name: CONFIGURE_ETC_HOSTS
               value: "true"
-    volumeMounts:
-    - mountPath: {{ etcd_cert_dir }}
-      name: etcd-certs
-      readOnly: true
-  volumes:
-  - hostPath:
-      path: {{ etcd_cert_dir }}
-    name: etcd-certs
-
+          volumeMounts:
+          - mountPath: {{ etcd_cert_dir }}
+            name: etcd-certs
+            readOnly: true
+      volumes:
+      - hostPath:
+          path: {{ etcd_cert_dir }}
+        name: etcd-certs
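Review bot: The two re-indented `{{ etcd_cert_dir }}` values (`mountPath` and the hostPath `path`) are still unquoted, so an empty or unusual expansion renders as null or a non-string instead of a path; write `- mountPath: "{{ etcd_cert_dir }}"` and `path: "{{ etcd_cert_dir }}"`. The hostPath volume also hands the container the whole directory, which presumably holds private keys beyond the ones the controller needs. `readOnly: true` prevents writes but not reads, so consider exposing only the client certificate, key and CA file the controller uses. The pod spec starts outside this hunk, so which files the container actually reads cannot be confirmed from here.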
-- 
GitLab