Add the salt-overlay directory to the GCE master-pd and reserve the master's IP#4715
Add the salt-overlay directory to the GCE master-pd and reserve the master's IP#4715zmerlynn merged 2 commits intokubernetes:masterfrom
Conversation
There was a problem hiding this comment.
Did you miss committing this file, or did I miss something?
There was a problem hiding this comment.
Ugh, yeah. Thanks for catching that.
2f126f4 to
a5485d7
Compare
|
I've also added /etc/salt/, as /etc/salt/pki/ contains the dynamically generated RSA keys used by salt. Without saving it, the salt minions on the nodes don't trust a replacement master. |
cluster/gce/templates/mount-pd.sh
Outdated
There was a problem hiding this comment.
If /etc/salt/pki is all you need, would it be safer just to handle that directory alone? (it's another mkdir -m 700, looks like).
I don't see anything immediately unsafe to mimick in the /etc/salt dir, but it feels it would be better to be surgical here.
There was a problem hiding this comment.
Sure, done. Albeit with -m 770, since that's what I'm seeing on my cluster. Are you seeing 700?
There was a problem hiding this comment.
Sorry, you're right. It's 770.
a5485d7 to
34f5c95
Compare
…nd reserve the master's IP upon creation to make it easier to replace the master later. This pulls out the parts of PR kubernetes#3174 that don't break anything and will make upgrading existing clusters in the future less painful. Add /etc/salt to the master-pd
34f5c95 to
6a18b74
Compare
|
LGTM. Will merge on Travis. |
|
Travis is being dumb, and won't show anything useful here. Rolling the dice. |
Add the salt-overlay directory to the GCE master-pd and reserve the master's IP
...upon creation to make it easier to replace the master later.
This pulls out the parts of PR #3174 that don't break anything and will make upgrading existing clusters in the future less painful. #3174 will still need more effort to make work, unfortunately.