aboutsummaryrefslogtreecommitdiffstats
path: root/deploy/adapters/ansible/kubernetes/roles/kargo/files
diff options
context:
space:
mode:
authorHU Xinhui <xinhui_hu@foxmail.com>2018-01-26 01:32:19 +0000
committerGerrit Code Review <gerrit@opnfv.org>2018-01-26 01:32:19 +0000
commit1c45ef1990c394688ab5a2b6e44f90fe88909acf (patch)
tree249f65e2a3f8ebf0ea46f31083b3f0b318268644 /deploy/adapters/ansible/kubernetes/roles/kargo/files
parent8efd8e09cd89f38398f61d39619c03ae599e26b2 (diff)
parentc6b9a863cf92f824e8b8e3004f6e1f649170e4f1 (diff)
Merge "spport k8s apiserver HA compass installer deploy k8s using kubespray for default, but k8s apiserver HA is not implemented by kubespray, This patch aim is to achieve the k8s apiserver HA Change-Id: I805b5eb2f4efa7ca82fcef7bfd3f4cad35ed65b5 JIRA: - Signed-off-by: hu xinhui <xinhui_hu@foxmail.com>"
Diffstat (limited to 'deploy/adapters/ansible/kubernetes/roles/kargo/files')
-rw-r--r--deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j234
1 files changed, 34 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2 b/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2
new file mode 100644
index 00000000..d998d4cb
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/kargo/files/openssl.conf.j2
@@ -0,0 +1,34 @@
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+[req_distinguished_name]
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+subjectAltName = @alt_names
+[alt_names]
+DNS.1 = kubernetes
+DNS.2 = kubernetes.default
+DNS.3 = kubernetes.default.svc
+DNS.4 = kubernetes.default.svc.{{ dns_domain }}
+DNS.5 = localhost
+{% for host in groups['kube-master'] %}
+DNS.{{ 5 + loop.index }} = {{ host }}
+{% endfor %}
+{% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
+{% set idx = groups['kube-master'] | length | int + 5 + 1 %}
+DNS.{{ idx | string }} = {{ apiserver_loadbalancer_domain_name }}
+{% endif %}
+{% for host in groups['kube-master'] %}
+IP.{{ 2 * loop.index - 1 }} = {{ hostvars[host]['access_ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
+IP.{{ 2 * loop.index }} = {{ hostvars[host]['ip'] | default(hostvars[host]['ansible_default_ipv4']['address']) }}
+{% endfor %}
+{% set idx = groups['kube-master'] | length | int * 2 + 1 %}
+IP.{{ idx }} = {{ kube_apiserver_ip }}
+IP.{{ idx + 1 }} = 127.0.0.1
+{% if supplementary_addresses_in_ssl_keys is defined %}
+{% set is = idx + 1 %}
+{% for addr in supplementary_addresses_in_ssl_keys %}
+IP.{{ is + loop.index }} = {{ addr }}
+{% endfor %}
+{% endif %}