Fix etcd certificates reference to support etcd_kubeadm_enabled:true (#7766)

* Fix etcd certificates reference to support etcd_kubeadm_enabled:true * Add retries to ETCD Join Member task * Fix etcd certificates reference when etcd_kubeadm_enabled:true * Fix conflicts

Fix etcd certificates reference to support etcd_kubeadm_enabled:true (#7766)
df425ac1 · forselli-stratio · GitHub · 57a1d18d · df425ac1 · df425ac1
Unverified Commit df425ac1 authored 3 years ago by forselli-stratio Committed by GitHub 3 years ago
--- a/recover-control-plane.yml
+++ b/recover-control-plane.yml
@@ -16,7 +16,7 @@
  environment: "{{ proxy_disable_env }}"
  roles:
    - { role: kubespray-defaults}
-    - { role: recover_control_plane/etcd }
+    - { role: recover_control_plane/etcd, when: "not etcd_kubeadm_enabled|default(false)" }

 - hosts: kube_control_plane[0]
  environment: "{{ proxy_disable_env }}"

--- a/roles/network_plugin/canal/tasks/main.yml
+++ b/roles/network_plugin/canal/tasks/main.yml
@@ -42,9 +42,9 @@
  run_once: true
  environment:
    ETCDCTL_API: 2
-    ETCDCTL_CA_FILE: "{{ etcd_cert_dir }}/ca.pem"
-    ETCDCTL_CERT_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}.pem"
-    ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
+    ETCDCTL_CA_FILE: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/ca.pem' }}"
+    ETCDCTL_CERT_FILE: "{{ kube_cert_dir + '/etcd/server.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd'][0] + '.pem' }}"
+    ETCDCTL_KEY_FILE: "{{ kube_cert_dir + '/etcd/server.key' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd'][0] + '-key.pem' }}"
    ETCDCTL_ENDPOINTS: "{{ etcd_access_addresses }}"

 - name: Canal | Create canal node manifests

--- a/roles/remove-node/remove-etcd-node/tasks/main.yml
+++ b/roles/remove-node/remove-etcd-node/tasks/main.yml
@@ -34,9 +34,9 @@
    - facts
  environment:
    ETCDCTL_API: 3
-    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}.pem"
-    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}-key.pem"
-    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
+    ETCDCTL_CERT: "{{ kube_cert_dir + '/etcd/server.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd']|first + '.pem' }}"
+    ETCDCTL_KEY: "{{ kube_cert_dir + '/etcd/server.key' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd']|first + '-key.pem' }}"
+    ETCDCTL_CACERT: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/ca.pem' }}"
    ETCDCTL_ENDPOINTS: "https://{{ hostvars[groups['etcd']|first]['etcd_access_address'] |
                                   default(hostvars[groups['etcd']|first]['ip']) |
                                   default(hostvars[groups['etcd']|first]['fallback_ips'][groups['etcd']|first]) }}:2379"
@@ -52,9 +52,9 @@
    - facts
  environment:
    ETCDCTL_API: 3
-    ETCDCTL_CERT: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}.pem"
-    ETCDCTL_KEY: "{{ etcd_cert_dir }}/admin-{{ groups['etcd']|first }}-key.pem"
-    ETCDCTL_CACERT: "{{ etcd_cert_dir }}/ca.pem"
+    ETCDCTL_CERT: "{{ kube_cert_dir + '/etcd/server.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd']|first + '.pem' }}"
+    ETCDCTL_KEY: "{{ kube_cert_dir + '/etcd/server.key' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd']|first + '-key.pem' }}"
+    ETCDCTL_CACERT: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/ca.pem' }}"
    ETCDCTL_ENDPOINTS: "https://{{ hostvars[groups['etcd']|first]['etcd_access_address'] |
                                   default(hostvars[groups['etcd']|first]['ip']) |
                                   default(hostvars[groups['etcd']|first]['fallback_ips'][groups['etcd']|first]) }}:2379"