packages/eggo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eggo/0015-delete-apiserver-kubelet-https-flag-and-add-lb-bind-.patch
zhangxiaoyu 4d2b584c03 fix makefile build error 
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
2022-09-19 20:03:33 +08:00

87 lines
4.2 KiB
Diff
Raw Blame History

From 83a2ad6a3b68180d0c926280500dd20ee715f26e Mon Sep 17 00:00:00 2001
From: zhangxiaoyu <zhangxiaoyu58@huawei.com>
Date: Wed, 15 Dec 2021 10:32:29 +0800
Subject: [PATCH 15/17] delete apiserver kubelet-https flag, and add lb bind
port in firewall
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
---
cmd/configs.go | 13 +++++++++++--
.../binary/commontools/systemdservices.go | 1 -
pkg/utils/template/template_test.go | 2 --
3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/cmd/configs.go b/cmd/configs.go
index beefd9d..326e889 100644
--- a/cmd/configs.go
+++ b/cmd/configs.go
@@ -300,7 +300,7 @@ func fillPackageConfig(ccfg *api.ClusterConfig, icfg *InstallConfig) {
}
}
-func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dnsType string) {
+func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dnsType string, lb LoadBalance) {
// key: master, worker, etcd, loadbalance
for t, p := range openports {
role, ok := toTypeInt[t]
@@ -316,6 +316,15 @@ func fillOpenPort(ccfg *api.ClusterConfig, openports map[string][]*OpenPorts, dn
ccfg.RoleInfra[api.Master].OpenPorts =
append(ccfg.RoleInfra[api.Master].OpenPorts, infra.CorednsPorts...)
}
+
+ if lb.Ip != "" && lb.BindPort > 0 {
+ ccfg.RoleInfra[api.LoadBalance].OpenPorts =
+ append(ccfg.RoleInfra[api.LoadBalance].OpenPorts, &api.OpenPorts{
+ Port: lb.BindPort,
+ Protocol: "tcp",
+ })
+ return
+ }
}
func defaultHostName(clusterID string, nodeType string, i int) string {
@@ -588,7 +597,7 @@ func toClusterdeploymentConfig(conf *DeployConfig) *api.ClusterConfig {
fillLoadBalance(&ccfg.LoadBalancer, conf.LoadBalance)
fillAPIEndPoint(&ccfg.APIEndpoint, conf)
fillPackageConfig(ccfg, &conf.InstallConfig)
- fillOpenPort(ccfg, conf.OpenPorts, conf.Service.DNS.CorednsType)
+ fillOpenPort(ccfg, conf.OpenPorts, conf.Service.DNS.CorednsType, conf.LoadBalance)
ccfg.WorkerConfig.KubeletConf.EnableServer = conf.EnableKubeletServing
fillExtrArgs(ccfg, conf.ConfigExtraArgs)
diff --git a/pkg/clusterdeployment/binary/commontools/systemdservices.go b/pkg/clusterdeployment/binary/commontools/systemdservices.go
index 0a17ee2..3b32e22 100644
--- a/pkg/clusterdeployment/binary/commontools/systemdservices.go
+++ b/pkg/clusterdeployment/binary/commontools/systemdservices.go
@@ -44,7 +44,6 @@ func SetupAPIServerService(r runner.Runner, ccfg *api.ClusterConfig, hcf *api.Ho
"--client-ca-file": "/etc/kubernetes/pki/ca.crt",
"--kubelet-client-certificate": "/etc/kubernetes/pki/apiserver-kubelet-client.crt",
"--kubelet-client-key": "/etc/kubernetes/pki/apiserver-kubelet-client.key",
- "--kubelet-https": "true",
"--proxy-client-cert-file": "/etc/kubernetes/pki/front-proxy-client.crt",
"--proxy-client-key-file": "/etc/kubernetes/pki/front-proxy-client.key",
"--tls-cert-file": "/etc/kubernetes/pki/apiserver.crt",
diff --git a/pkg/utils/template/template_test.go b/pkg/utils/template/template_test.go
index 2d13329..ae46d48 100644
--- a/pkg/utils/template/template_test.go
+++ b/pkg/utils/template/template_test.go
@@ -156,7 +156,6 @@ func TestCreateSystemdServiceTemplate(t *testing.T) {
"--client-ca-file=/etc/kubernetes/pki/ca.crt",
"--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt",
"--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key",
- "--kubelet-https=true",
"--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt",
"--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key",
"--tls-cert-file=/etc/kubernetes/pki/apiserver.crt",
@@ -195,7 +194,6 @@ ExecStart=/usr/bin/kube-apiserver \
--client-ca-file=/etc/kubernetes/pki/ca.crt \
--kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt \
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key \
- --kubelet-https=true \
--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt \
--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key \
--tls-cert-file=/etc/kubernetes/pki/apiserver.crt \
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink