Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix etcd certificates reference to support etcd_kubeadm_enabled:true #7766

Merged
merged 4 commits into from
Jan 10, 2022
Merged

Fix etcd certificates reference to support etcd_kubeadm_enabled:true #7766

merged 4 commits into from
Jan 10, 2022

Conversation

forselli-stratio
Copy link
Contributor

@forselli-stratio forselli-stratio commented Jun 30, 2021
edited by floryut
Loading

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design
/kind documentation
/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:
This PR fixes some etcd certificates reference, there are many references in other playbooks but i'm not really sure where this replace is needed, please take a look and let me know if these changes are necessary in other playbooks.

Which issue(s) this PR fixes:
Fixes #7765

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Fix etcd certificates reference to support `etcd_kubeadm_enabled: true`

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jun 30, 2021
@k8s-ci-robot k8s-ci-robot requested review from bozzo and EppO June 30, 2021 13:49
@k8s-ci-robot
Copy link
Contributor

Hi @forselli-stratio. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jun 30, 2021
floryut
floryut approved these changes Sep 24, 2021
View reviewed changes
Copy link
Member

@floryut floryut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/ok-to-test
/cc @champtar @oomichi

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 24, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: floryut, forselli-stratio

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 24, 2021
oomichi
oomichi reviewed Oct 19, 2021
View reviewed changes
Copy link
Contributor

@oomichi oomichi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/cc @oomichi

roles/etcd/tasks/join_etcd_member.yml Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot requested a review from oomichi October 19, 2021 17:18
@oomichi
Copy link
Contributor

oomichi commented Nov 2, 2021

@forselli-stratio
Could you rebase this pull request on the latest master branch for kicking CI jobs again?
I cannot find any issue on current pull request, and it is better to re-run jobs.

@forselli-stratio forselli-stratio force-pushed the etcd-static-pod-kubespray branch from 64bf7ef to 8b91cfa Compare November 29, 2021 11:01
@forselli-stratio
Copy link
Contributor Author

/retest

@oomichi
Copy link
Contributor

oomichi commented Dec 22, 2021

@forselli-stratio Could you rebase this pull request again?

git checkout master
git remote add upstream git://github.com/kubernetes-sigs/kubespray.git
git fetch upstream
git checkout etcd-static-pod-kubespray
git rebase master

@forselli-stratio forselli-stratio force-pushed the etcd-static-pod-kubespray branch from 8b91cfa to e96c2ff Compare January 10, 2022 10:22
@forselli-stratio forselli-stratio force-pushed the etcd-static-pod-kubespray branch from c26087c to e1d65ea Compare January 10, 2022 10:27
@forselli-stratio
Copy link
Contributor Author

Hi @oomichi , can you take a look at this please? Thanks!

oomichi
oomichi reviewed Jan 10, 2022
View reviewed changes
Copy link
Contributor

@oomichi oomichi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

roles/network_plugin/canal/tasks/main.yml
ETCDCTL_KEY_FILE: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
ETCDCTL_CA_FILE: "{{ kube_cert_dir + '/etcd/ca.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/ca.pem' }}"
ETCDCTL_CERT_FILE: "{{ kube_cert_dir + '/etcd/server.crt' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd'][0] + '.pem' }}"
ETCDCTL_KEY_FILE: "{{ kube_cert_dir + '/etcd/server.key' if etcd_kubeadm_enabled else etcd_cert_dir + '/admin-' + groups['etcd'][0] + '-key.pem' }}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to

kubespray/roles/etcdctl/templates/etcdctl.sh.j2

Lines 5 to 8 in 57a1d18

etcdctl \
--cacert {{ kube_cert_dir }}/etcd/ca.crt \
--cert {{ kube_cert_dir }}/etcd/server.crt \
--key {{ kube_cert_dir }}/etcd/server.key "$@"

those paths seem good for me.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 10, 2022
@k8s-ci-robot k8s-ci-robot merged commit df425ac into kubernetes-sigs:master Jan 10, 2022
sakuraiyuta pushed a commit to sakuraiyuta/kubespray that referenced this pull request Apr 16, 2022
@forselli-stratio @sakuraiyuta
Fix etcd certificates reference to support etcd_kubeadm_enabled:true (k…
50ab9dd 
…ubernetes-sigs#7766)

* Fix etcd certificates reference to support etcd_kubeadm_enabled:true

* Add retries to ETCD Join Member task

* Fix etcd certificates reference when etcd_kubeadm_enabled:true

* Fix conflicts
@oomichi oomichi mentioned this pull request May 28, 2022
Closed
LuckySB pushed a commit to southbridgeio/kubespray that referenced this pull request Jun 29, 2023
@forselli-stratio @LuckySB
Fix etcd certificates reference to support etcd_kubeadm_enabled:true (k…
61003ef 
…ubernetes-sigs#7766)

* Fix etcd certificates reference to support etcd_kubeadm_enabled:true

* Add retries to ETCD Join Member task

* Fix etcd certificates reference when etcd_kubeadm_enabled:true

* Fix conflicts
LuckySB pushed a commit to southbridgeio/kubespray that referenced this pull request Oct 20, 2023
@forselli-stratio @LuckySB
Fix etcd certificates reference to support etcd_kubeadm_enabled:true (k…
5e92255 
…ubernetes-sigs#7766)

* Fix etcd certificates reference to support etcd_kubeadm_enabled:true

* Add retries to ETCD Join Member task

* Fix etcd certificates reference when etcd_kubeadm_enabled:true

* Fix conflicts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@unai-ttxu unai-ttxu unai-ttxu left review comments

@oomichi oomichi oomichi left review comments

@floryut floryut floryut approved these changes

@bozzo bozzo Awaiting requested review from bozzo

@EppO EppO Awaiting requested review from EppO

@champtar champtar Awaiting requested review from champtar

Assignees

@oomichi oomichi

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Etcd certificates reference is wrong when deploying with etcd_kubeadm_enabled:true
5 participants
@forselli-stratio @k8s-ci-robot @oomichi @unai-ttxu @floryut