kubesphere
diff --git a/‎builtin/core/defaults/inventory/localhost.yaml‎
Lines changed: 1 addition & 0 deletions b/‎builtin/core/defaults/inventory/localhost.yaml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎builtin/core/playbooks/add_nodes.yaml‎
Lines changed: 41 additions & 2 deletions b/‎builtin/core/playbooks/add_nodes.yaml‎
Lines changed: 41 additions & 2 deletions
diff --git a/‎builtin/core/playbooks/create_cluster.yaml‎
Lines changed: 4 additions & 1 deletion b/‎builtin/core/playbooks/create_cluster.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎builtin/core/playbooks/delete_cluster.yaml‎
Lines changed: 2 additions & 2 deletions b/‎builtin/core/playbooks/delete_cluster.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎builtin/core/playbooks/delete_nodes.yaml‎
Lines changed: 37 additions & 5 deletions b/‎builtin/core/playbooks/delete_nodes.yaml‎
Lines changed: 37 additions & 5 deletions
diff --git a/‎builtin/core/roles/certs/init/tasks/main.yaml‎
Lines changed: 32 additions & 11 deletions b/‎builtin/core/roles/certs/init/tasks/main.yaml‎
Lines changed: 32 additions & 11 deletions
diff --git a/‎builtin/core/roles/certs/renew/etcd/tasks/main.yaml‎
Lines changed: 3 additions & 3 deletions b/‎builtin/core/roles/certs/renew/etcd/tasks/main.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎builtin/core/roles/certs/renew/kubernetes/tasks/etcd.yaml‎
Lines changed: 2 additions & 2 deletions b/‎builtin/core/roles/certs/renew/kubernetes/tasks/etcd.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎builtin/core/roles/defaults/defaults/main/02-certs.yaml‎
Lines changed: 2 additions & 0 deletions b/‎builtin/core/roles/defaults/defaults/main/02-certs.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎builtin/core/roles/defaults/defaults/main/04-etcd.yaml‎
Lines changed: 10 additions & 5 deletions b/‎builtin/core/roles/defaults/defaults/main/04-etcd.yaml‎
Lines changed: 10 additions & 5 deletions
@@ -14,6 +14,7 @@ spec:
     #     port: 22
     #     user: root
     #     password: 123456
+    #   internal_ipv4: 1.1.1.1
   groups:
     # all kubernetes nodes.
     k8s_cluster:
 
@@ -36,8 +36,48 @@
     - etcd
   gather_facts: true
   roles:
-    - role: etcd
+    - role: etcd/prepare
       when: .etcd.deployment_type | eq "external"
+    - role: etcd/backup
+      when: .etcd.deployment_type | eq "external"
+- hosts:
+    - etcd
+  serial: 1
+  roles:
+    - role: etcd/scaling_up/learner
+      when:
+        - .etcd.deployment_type | eq "external"  
+        - .installed_etcd | empty | not      
+        - .need_installed_etcd | default list | has .inventory_hostname
+    - role: etcd/install
+      when: 
+        - .etcd.deployment_type | eq "external"
+        - .installed_etcd | empty | not      
+        - .need_installed_etcd | default list | has .inventory_hostname
+    - role: etcd/scaling_up/promote
+      when:
+        - .etcd.deployment_type | eq "external"
+        - .installed_etcd | empty | not      
+        - .need_installed_etcd | default list | has .inventory_hostname
+- hosts:
+    - etcd
+  gather_facts: true
+  roles:
+    - role: etcd/postprocess
+      when:
+        - .etcd.deployment_type | eq "external"
+        - .installed_etcd | empty | not      
+        - .need_installed_etcd | default list | has .inventory_hostname
+        
+- hosts:
+    - kube_control_plane
+  serial: 1
+  roles:
+    - role: kubernetes/sync-etcd-config
+      when:
+        - .need_installed_etcd | empty | not
+        - .etcd.deployment_type | eq "external"
+        - .kubernetes_install_ActiveState.stdout | eq "active"
 
 - hosts:
     - k8s_cluster
@@ -47,7 +87,6 @@
     - role: kubernetes/pre-kubernetes
       when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
     - role: kubernetes/init-kubernetes
-      when: or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
     - role: kubernetes/join-kubernetes
       when:
         - or (.add_nodes | default list | empty) (.add_nodes | default list | has .inventory_hostname)
 
@@ -35,8 +35,11 @@
 - hosts:
     - etcd
   roles:
-    - role: etcd
+    - role: etcd/prepare
       when: .etcd.deployment_type | eq "external"
+    - role: etcd/install
+      when: .etcd.deployment_type | eq "external"
+
 
 # Install the private image registry
 - hosts:
 
@@ -32,8 +32,8 @@
 - hosts:
     - etcd
   roles:
-    - role: uninstall/etcd
-      when: 
+    - role: etcd/scaling_down
+      when:
         - .delete.etcd
         - .etcd.deployment_type | eq "external"
 
 
@@ -10,14 +10,39 @@
   gather_facts: true
   roles:
     - defaults
-    - precheck
 
 - hosts:
-    - kube_control_plane
+    - etcd
+  roles:
+    - role: etcd/prepare
+      when: 
+        - .delete.etcd
+        - .etcd.deployment_type | eq "external"
+- hosts:
+    - etcd
+  serial: 1 
+  roles:
+    - role: etcd/scaling_down
+      when: 
+        - .delete.etcd
+        - .etcd.deployment_type | eq "external"
+        - .need_uninstall_etcd | has .inventory_hostname
+- hosts:
+    - etcd
   gather_facts: true
-  tasks:
+  roles:
+    - role: etcd/postprocess
+      when: 
+        - .delete.etcd
+        - .etcd.deployment_type | eq "external"
+        - .need_uninstall_etcd | empty | not
+        - .need_uninstall_etcd | has .inventory_hostname | not 
+
+- hosts:
+    - kube_control_plane
+  serial: 1
+  pre_tasks:
     - name: DeleteNode | Ensure at least one control plane node remains in the cluster
-      run_once: true
       command: |
         {{- $cpNodes := list -}}
         {{- range .groups.kube_control_plane -}}
@@ -29,6 +54,13 @@
         echo "At least one control plane node must be retained in the cluster." >&2
         exit 1
         {{- end }}
+  roles:
+    - role: kubernetes/sync-etcd-config
+      when:
+        - .need_installed_etcd | empty | not
+        - .etcd.deployment_type | eq "external"
+        - .kubernetes_install_ActiveState.stdout | eq "active"
+        - .delete_nodes | default list | has .inventory_hostname | not
 
 - hosts: 
     - k8s_cluster
@@ -71,7 +103,7 @@
 - hosts:
     - etcd
   roles:
-    - role: uninstall/etcd
+    - role: etcd
       when: 
         - .delete.etcd
         - .etcd.deployment_type | eq "external"
 
@@ -42,6 +42,8 @@
           {{ .binary_dir }}/pki/front-proxy.crt
 
 - name: Cert | Generate the etcd certificate file
+  loop: "{{ .groups.etcd | toJson }}"  
+  when: .item | empty | not
   gen_cert:
     root_key: >-
       {{ .binary_dir }}/pki/root.key
@@ -50,24 +52,43 @@
     cn: etcd
     sans: >-
       {{- $ips := list -}}
-      {{- range .groups.etcd | default list -}}
-        {{- $internalIPv4 := index $.hostvars . "internal_ipv4" | default "" -}}
-        {{- $internalIPv6 := index $.hostvars . "internal_ipv6" | default "" -}}
-        {{- if $internalIPv4 | empty | not -}}
-          {{- $ips = append $ips $internalIPv4 -}}
-        {{- end -}}
-        {{- if $internalIPv6 | empty | not -}}
-          {{- $ips = append $ips $internalIPv6 -}}
-        {{- end -}}
+      {{- $hostname := index .hostvars .item "hostname" | default "" -}}
+      {{- if .native.set_hostname -}}
+        {{- $hostname = .item -}}
+      {{- end -}}
+      {{- if $hostname | empty | not -}}
+        {{- $ips = append $ips $hostname -}}
+      {{- end -}}
+      {{- $internalIPv4 := index .hostvars .item "internal_ipv4" | default "" -}}
+      {{- if $internalIPv4 | empty | not -}}
+        {{- $ips = append $ips $internalIPv4 -}}
+      {{- end -}}
+      {{- $internalIPv6 := index .hostvars .item "internal_ipv6" | default "" -}}
+      {{- if $internalIPv6 | empty | not -}}
+        {{- $ips = append $ips $internalIPv6 -}}
       {{- end -}}
       {{ $ips | toJson }}
     date: "{{ .certs.etcd.date }}"
     policy: "{{ .certs.etcd.gen_cert_policy }}"
     out_key: >-
-      {{ .binary_dir }}/pki/etcd.key
+      {{ .binary_dir }}/pki/etcd-{{ .item }}.key
     out_cert: >-
-      {{ .binary_dir }}/pki/etcd.crt
+      {{ .binary_dir }}/pki/etcd-{{ .item }}.crt
+
+- name: Cert | Generate the etcd client certificate file
   when: .groups.etcd | default list | empty | not
+  gen_cert:
+    root_key: >-
+      {{ .binary_dir }}/pki/root.key
+    root_cert: >-
+      {{ .binary_dir }}/pki/root.crt
+    cn: etcd
+    date: "{{ .certs.etcd.date }}"
+    policy: "{{ .certs.etcd.gen_cert_policy }}"
+    out_key: >-
+      {{ .binary_dir }}/pki/etcd-client.key
+    out_cert: >-
+      {{ .binary_dir }}/pki/etcd-client.crt
 
 - name: Cert | Generate the image registry certificate file
   tags: ["image_registry"]
 
@@ -2,19 +2,19 @@
 - name: ETCD | Copy CA certificate to remote host
   copy:
     src: >-
-      {{ ..etcd.ca_file }}
+      {{ .etcd.ca_file }}
     dest: /etc/ssl/etcd/ssl/ca.crt
 
 - name: ETCD | Copy server certificate to remote host
   copy:
     src: >-
-      {{ .etcd.cert_file }}
+      {{ tpl .etcd.server_cert_file .inventory_hostname }}
     dest: /etc/ssl/etcd/ssl/server.crt
 
 - name: ETCD | Copy server private key to remote host
   copy:
     src: >-
-      {{ .etcd.key_file }}
+      {{ tpl .etcd.server_key_file .inventory_hostname }}
     dest: /etc/ssl/etcd/ssl/server.key
 
 - name: ETCD | Restart etcd service to apply new certificates
 
@@ -9,13 +9,13 @@
 - name: ETCD | Copy client certificate to remote host
   copy:
     src: >-
-      {{ .etcd.cert_file }}
+      {{ .etcd.client_cert_file }}
     dest: /etc/kubernetes/pki/etcd/client.crt
     mode: 0755
 
 - name: ETCD | Copy client key to remote host
   copy:
     src: >-
-      {{ .etcd.key_file }}
+      {{ .etcd.client_key_file }}
     dest: /etc/kubernetes/pki/etcd/client.key
     mode: 0755
@@ -8,6 +8,8 @@
 # CA (self-signed or provided)
 # |- etcd.cert
 # |- etcd.key
+# |- etcd-client.cert
+# |- etcd-client.key
 # |
 # |- image_registry.cert
 # |- image_registry.key
 
@@ -9,7 +9,8 @@ etcd:
       {{ .image_registry.dockerio_registry }}
     repository: kubesphere/etcd
     tag: "{{ .etcd.etcd_version }}"
-  #    endpoints: ["https://127.1.1.1:2379"]
+  port: 2379
+  peer_port: 2380
   # Environment variables for etcd service
   env:
     election_timeout: 5000
@@ -37,7 +38,11 @@ etcd:
   traffic_priority: false
   ca_file: >-
     {{ .binary_dir }}/pki/root.crt
-  cert_file: >-
-    {{ .binary_dir }}/pki/etcd.crt
-  key_file: >-
-    {{ .binary_dir }}/pki/etcd.key
+  server_cert_file: >-
+    {{ .binary_dir }}/pki/etcd-{{ "{{ . }}" }}.crt
+  server_key_file: >-
+    {{ .binary_dir }}/pki/etcd-{{ "{{ . }}" }}.key
+  client_cert_file: >-
+    {{ .binary_dir }}/pki/etcd-client.crt
+  client_key_file: >-
+    {{ .binary_dir }}/pki/etcd-client.key