From ad6b7ec1a4347753488de3ab5813947f01967078 Mon Sep 17 00:00:00 2001 From: Andrey Smirnov Date: Tue, 29 Mar 2022 22:53:32 +0300 Subject: [PATCH] fix: enable etcd consistency on check startup See: - https://github.com/etcd-io/etcd/issues/13766 - https://github.com/kubernetes/kubeadm/issues/2676 Signed-off-by: Andrey Smirnov --- .../app/machined/pkg/system/services/etcd.go | 58 ++++++++++--------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/internal/app/machined/pkg/system/services/etcd.go b/internal/app/machined/pkg/system/services/etcd.go index bbd8d9d7f5..0d145c6cbe 100644 --- a/internal/app/machined/pkg/system/services/etcd.go +++ b/internal/app/machined/pkg/system/services/etcd.go @@ -486,20 +486,21 @@ func (e *Etcd) argsForInit(ctx context.Context, r runtime.Runtime) error { // TODO(scm): see issue #2121 and description below in argsForControlPlane. denyListArgs := argsbuilder.Args{ - "name": hostname, - "auto-tls": "false", - "peer-auto-tls": "false", - "data-dir": constants.EtcdDataPath, - "listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380", - "listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379", - "client-cert-auth": "true", - "cert-file": constants.KubernetesEtcdCert, - "key-file": constants.KubernetesEtcdKey, - "trusted-ca-file": constants.KubernetesEtcdCACert, - "peer-client-cert-auth": "true", - "peer-cert-file": constants.KubernetesEtcdPeerCert, - "peer-key-file": constants.KubernetesEtcdPeerKey, - "peer-trusted-ca-file": constants.KubernetesEtcdCACert, + "name": hostname, + "auto-tls": "false", + "peer-auto-tls": "false", + "data-dir": constants.EtcdDataPath, + "listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380", + "listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379", + "client-cert-auth": "true", + "cert-file": constants.KubernetesEtcdCert, + "key-file": constants.KubernetesEtcdKey, + "trusted-ca-file": constants.KubernetesEtcdCACert, + "peer-client-cert-auth": "true", + "peer-cert-file": constants.KubernetesEtcdPeerCert, + "peer-key-file": constants.KubernetesEtcdPeerKey, + "peer-trusted-ca-file": constants.KubernetesEtcdCACert, + "experimental-initial-corrupt-check": "true", } extraArgs := argsbuilder.Args(r.Config().Cluster().Etcd().ExtraArgs()) @@ -571,20 +572,21 @@ func (e *Etcd) argsForControlPlane(ctx context.Context, r runtime.Runtime) error } denyListArgs := argsbuilder.Args{ - "name": hostname, - "auto-tls": "false", - "peer-auto-tls": "false", - "data-dir": constants.EtcdDataPath, - "listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380", - "listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379", - "client-cert-auth": "true", - "cert-file": constants.KubernetesEtcdPeerCert, - "key-file": constants.KubernetesEtcdPeerKey, - "trusted-ca-file": constants.KubernetesEtcdCACert, - "peer-client-cert-auth": "true", - "peer-cert-file": constants.KubernetesEtcdPeerCert, - "peer-key-file": constants.KubernetesEtcdPeerKey, - "peer-trusted-ca-file": constants.KubernetesEtcdCACert, + "name": hostname, + "auto-tls": "false", + "peer-auto-tls": "false", + "data-dir": constants.EtcdDataPath, + "listen-peer-urls": "https://" + net.FormatAddress(listenAddress) + ":2380", + "listen-client-urls": "https://" + net.FormatAddress(listenAddress) + ":2379", + "client-cert-auth": "true", + "cert-file": constants.KubernetesEtcdPeerCert, + "key-file": constants.KubernetesEtcdPeerKey, + "trusted-ca-file": constants.KubernetesEtcdCACert, + "peer-client-cert-auth": "true", + "peer-cert-file": constants.KubernetesEtcdPeerCert, + "peer-key-file": constants.KubernetesEtcdPeerKey, + "peer-trusted-ca-file": constants.KubernetesEtcdCACert, + "experimental-initial-corrupt-check": "true", } extraArgs := argsbuilder.Args(r.Config().Cluster().Etcd().ExtraArgs())