diff --git a/bootstrap/api/v1beta1/kthreesconfig_types.go b/bootstrap/api/v1beta1/kthreesconfig_types.go
index 59df6c19..77b4458f 100644
--- a/bootstrap/api/v1beta1/kthreesconfig_types.go
+++ b/bootstrap/api/v1beta1/kthreesconfig_types.go
@@ -51,6 +51,12 @@ type KThreesConfigSpec struct {
 	Version string `json:"version,omitempty"`
 }
+// TODO
+// Will need extend this func when implementing other k3s database options.
+func (c *KThreesConfigSpec) IsEtcdEmbedded() bool {
+	return true
+}
+
 type KThreesServerConfig struct {
 	// KubeAPIServerArgs is a customized flag for kube-apiserver process
 	// +optional
diff --git a/bootstrap/controllers/kthreesconfig_controller.go b/bootstrap/controllers/kthreesconfig_controller.go
index b506af50..808f402b 100644
--- a/bootstrap/controllers/kthreesconfig_controller.go
+++ b/bootstrap/controllers/kthreesconfig_controller.go
@@ -411,7 +411,7 @@ func (r *KThreesConfigReconciler) handleClusterNotInitialized(ctx context.Contex
 	// injects into config.ClusterConfiguration values from top level object
 	r.reconcileTopLevelObjectSettings(scope.Cluster, machine, scope.Config)
-	certificates := secret.NewCertificatesForInitialControlPlane()
+	certificates := secret.NewCertificatesForInitialControlPlane(&scope.Config.Spec)
 	err := certificates.LookupOrGenerate(
 		ctx,
 		r.Client,
diff --git a/controlplane/controllers/kthreescontrolplane_controller.go b/controlplane/controllers/kthreescontrolplane_controller.go
index a880a425..ac13fe93 100644
--- a/controlplane/controllers/kthreescontrolplane_controller.go
+++ b/controlplane/controllers/kthreescontrolplane_controller.go
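Review bot: The doc comment on the new IsEtcdEmbedded method does not follow Go convention (it should begin with the method name) and "Will need extend" is ungrammatical, so godoc readers see only "TODO" as the description. Suggest replacing the two comment lines with `// IsEtcdEmbedded reports whether the cluster datastore is the k3s embedded etcd.` followed by `// TODO: currently always true; extend when other k3s datastore options are implemented.`. Note also that the body never touches the receiver, so a nil *KThreesConfigSpec happens to work today; callers should not rely on that, since it stops being true the moment the method reads a field.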
@@ -402,7 +402,7 @@ func (r *KThreesControlPlaneReconciler) reconcile(ctx context.Context, cluster *
 		return reconcile.Result{}, err
 	}
-	certificates := secret.NewCertificatesForInitialControlPlane()
+	certificates := secret.NewCertificatesForInitialControlPlane(&kcp.Spec.KThreesConfigSpec)
 	controllerRef := metav1.NewControllerRef(kcp, controlplanev1.GroupVersion.WithKind("KThreesControlPlane"))
 	if err := certificates.LookupOrGenerate(ctx, r.Client, util.ObjectKey(cluster), *controllerRef); err != nil {
 		logger.Error(err, "unable to lookup or create cluster certificates")
diff --git a/pkg/secret/certificates.go b/pkg/secret/certificates.go
index 91b0aaf3..2bc073b0 100644
--- a/pkg/secret/certificates.go
+++ b/pkg/secret/certificates.go
@@ -65,7 +65,7 @@ var (
 type Certificates []*Certificate
 // NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node.
-func NewCertificatesForInitialControlPlane() Certificates {
+func NewCertificatesForInitialControlPlane(config *bootstrapv1.KThreesConfigSpec) Certificates {
 	certificatesDir := DefaultCertificatesDir
 	certificates := Certificates{
@@ -81,6 +81,15 @@ func NewCertificatesForInitialControlPlane() Certificates {
 		},
 	}
+	if config.IsEtcdEmbedded() {
+		etcdCert := &Certificate{
+			Purpose:  EtcdCA,
+			CertFile: filepath.Join(certificatesDir, "etcd", "server-ca.crt"),
+			KeyFile:  filepath.Join(certificatesDir, "etcd", "server-ca.key"),
+		}
+		certificates = append(certificates, etcdCert)
+	}
+
 	return certificates
 }
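Review bot: The doc comment on NewCertificatesForInitialControlPlane is left unchanged although the signature now takes a config parameter, so nothing says what the spec is used for or whether nil is accepted. Suggest extending it to `// NewCertificatesForInitialControlPlane returns a list of certificates configured for a control plane node. config selects the datastore-dependent certificates (currently the embedded etcd CA) and must not be nil.`. The function's body continues in the next hunk.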
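Review bot: config is dereferenced through config.IsEtcdEmbedded() without a nil check at the top of the added block; IsEtcdEmbedded does not read its receiver today, so a nil config works by accident, but that breaks silently once the TODO in that method is implemented. Either guard it, `if config != nil && config.IsEtcdEmbedded() {`, or make the nil contract explicit in the function's doc comment. Separately, adding the etcd CA to the returned list means LookupOrGenerate (the callers log "unable to lookup or create cluster certificates") will presumably generate a new etcd server CA secret for existing clusters that lack one after upgrade; if those clusters' nodes already run an etcd CA that k3s generated itself, the new secret would not match the CA in use, so it is worth confirming how this secret is consumed on the node before merging. The enclosing function starts in the previous hunk.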