etcd: enable v2 api only if needed (kubernetes-sigs#8001)

* etcd: enable v2 api only if needed Only enable v2 API if we have a consumer (flannel) This reduce the exposed surface for etcd. * Fix bad group name
sakuraiyuta · Apr 16, 2022 · 65c6ee5 · 65c6ee5
1 parent f872c13
commit 65c6ee5
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2
@@ -32,8 +32,9 @@ ETCD_MAX_SNAPSHOTS={{ etcd_max_snapshots }}
 {% if etcd_max_wals is defined %}
 ETCD_MAX_WALS={{ etcd_max_wals }}
 {% endif %}
-# Flannel need etcd v2 API
+{% if hostvars[groups['k8s_cluster'][0]]['kube_network_plugin'] == 'flannel' %}
 ETCD_ENABLE_V2=true
+{% endif %}
 
 # TLS settings
 ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem