From c0e1211abe0076c57a6b0e3ac67caf104f9f3767 Mon Sep 17 00:00:00 2001
From: Max Gautier <ashelia1000@gmail.com>
Date: Wed, 22 Sep 2021 21:36:32 +0200
Subject: [PATCH] etcd: enable v2 api only if needed (#8001)

* etcd: enable v2 api only if needed

Only enable the v2 API if we have a consumer (flannel).
This reduces the exposed surface for etcd.

* Fix bad group name
---
 roles/etcd/templates/etcd.env.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2
index 9def0d501..03e5f0c6b 100644
--- a/roles/etcd/templates/etcd.env.j2
+++ b/roles/etcd/templates/etcd.env.j2
@@ -32,8 +32,9 @@ ETCD_MAX_SNAPSHOTS={{ etcd_max_snapshots }}
 {% if etcd_max_wals is defined %}
 ETCD_MAX_WALS={{ etcd_max_wals }}
 {% endif %}
-# Flannel need etcd v2 API
+{% if hostvars[groups['k8s_cluster'][0]]['kube_network_plugin'] == 'flannel' %}
 ETCD_ENABLE_V2=true
+{% endif %}
 
 # TLS settings
 ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
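Review bot: The new condition on `hostvars[groups['k8s_cluster'][0]]['kube_network_plugin']` will fail the template render if the `k8s_cluster` group is empty or its first host does not define `kube_network_plugin`, which could happen on an etcd-only inventory. Guarding it, e.g. `{% if groups['k8s_cluster'] | default([]) | length > 0 and hostvars[groups['k8s_cluster'][0]]['kube_network_plugin'] | default('') == 'flannel' %}`, keeps the v2 API off in that case instead of aborting the play. When the branch is not taken the variable is simply omitted, so whether v2 is really disabled depends on the default of the deployed etcd release; an `{% else %}` that renders `ETCD_ENABLE_V2=false` would make the reduced surface independent of the version. The removed comment was the only explanation of why v2 is enabled, so a Jinja comment such as `{# etcd v2 API is only needed by flannel #}` above the `if` would keep that context.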
-- 
GitLab